Analyzing /var/log/auth.log in detail: what is ssh2?


I used the command grep sshd.\*Failed /var/log/auth.log | less to check how much brute-force traffic my Ubuntu 18.04 LTS machine is getting. I noticed some parts that I don't understand.

Nov 21 12:55:53 *LOCALHOSTNAME* sshd[31151]: Failed password for invalid user john from *EXTERNAL IP* port 52162 ssh2
Nov 21 13:28:22 *LOCALHOSTNAME* sshd[31180]: Failed password for root from *EXTERNAL IP* port 47906 ssh2
Nov 21 13:37:03 *LOCALHOSTNAME* sshd[31186]: Failed password for root from *EXTERNAL IP* port 56522 ssh2
Nov 21 13:44:06 *LOCALHOSTNAME* sshd[31196]: Failed password for invalid user afar from *EXTERNAL IP* port 60040 ssh2

1) What is "sshd[port?]"?

2) What is "ssh2"?

Background: this machine was recently compromised and used in a botnet. This time I will try to be proactive.

Answer 1

(brute force)

This means that the guessing attempts were made from EXTERNAL IP, but were unsuccessful.

Install:

  + Fail2ban
  + DenyHosts

……


lastb

1) What is "sshd[port?]"?

The authlog log file contains the following information:

• date and time: Feb 27 03:02:36;
• server name: bullit;
• remote access server: sshd;
• process pid: 18408;
• username: (phusermv);
• IP address: 77.222.44.2;

2) What is "ssh2"?

2 - SSH1 and SSH2 protocols / As already mentioned, sshd can work with the SSH1 and SSH2 protocols. However, the use of unsafe SSH1 is highly discouraged. You can make sshd work only with SSH2: Protocol
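
The fields the answer lists (date, host, sshd, PID, user name, IP address), together with the client source port and the trailing protocol field, can be extracted from each "Failed password" line and counted per source. This is an added example, not part of the original question or answer; the sample lines, the host name and the documentation-range IP addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the shape of the auth.log excerpt from the question;
# host name and IP addresses (documentation ranges) are made up.
SAMPLE = """\
Nov 21 12:55:53 host1 sshd[31151]: Failed password for invalid user john from 203.0.113.7 port 52162 ssh2
Nov 21 13:28:22 host1 sshd[31180]: Failed password for root from 198.51.100.23 port 47906 ssh2
Nov 21 13:37:03 host1 sshd[31186]: Failed password for root from 198.51.100.23 port 56522 ssh2
Nov 21 13:44:06 host1 sshd[31196]: Failed password for invalid user afar from 203.0.113.7 port 60040 ssh2
Nov 21 13:45:10 host1 sshd[31200]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Nov 21 13:46:00 host1 CRON[31210]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s"    # syslog timestamp (no year)
    r"(?P<host>\S+)\s"                      # name of the logging host
    r"sshd\[(?P<pid>\d+)\]:\s"              # bracketed number is the PID
    r"Failed password for (?P<invalid>invalid user )?"
    # The user name is client-supplied, so it is matched greedily: the
    # address, port and protocol are always taken from the end of the line.
    r"(?P<user>.*) from (?P<ip>\S+) "
    r"port (?P<port>\d+) (?P<proto>\S+)$"   # client source port, protocol
)

def parse_failures(text):
    """Return one dict per failed-password line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ev = m.groupdict()
            ev["invalid"] = ev["invalid"] is not None  # account does not exist
            ev["pid"], ev["port"] = int(ev["pid"]), int(ev["port"])
            events.append(ev)
    return events

def summarize(events):
    """Count failures per source address and per attempted user name."""
    by_ip = Counter(ev["ip"] for ev in events)
    by_user = Counter(ev["user"] for ev in events)
    return by_ip, by_user

if __name__ == "__main__":
    by_ip, by_user = summarize(parse_failures(SAMPLE))
    for ip, n in by_ip.most_common():
        print(f"{n:4d} failed logins from {ip}")
    for user, n in by_user.most_common():
        print(f"{n:4d} attempts as {user!r}")
```
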
