How to Find All Failed SSH Login Attempts in Linux


Every attempt to log in to an SSH server is tracked and recorded in a log file, which can be searched with the grep command.

To display a list of failed SSH logins in Linux, issue some of the commands presented in this guide. Make sure these commands are run with root privileges.

The simplest command to list all failed SSH logins is the one shown below.

# grep "Failed password" /var/log/auth.log

The same result can also be obtained by issuing the cat command.

# cat /var/log/auth.log | grep "Failed password"

To display additional information about the failed SSH logins, issue the command as shown in the example below.

# egrep "Failed|Failure" /var/log/auth.log

On CentOS or RHEL, failed SSH sessions are recorded in the /var/log/secure file. Issue the above command against this log file to identify failed SSH logins.

# egrep "Failed|Failure" /var/log/secure

A slightly modified version of the above command to display failed SSH logins on CentOS or RHEL is as follows.

# grep "Failed" /var/log/secure
# grep "authentication failure" /var/log/secure

To display a list of all IP addresses that tried and failed to log in to the SSH server, alongside the number of failed attempts from each IP address, issue the command below.

# grep "Failed password" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr
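In the command above, field 11 is the source IP only when the account exists; on "Failed password for invalid user NAME from IP" lines, field 11 is the user name. The following is an added example, not part of the original guide, that finds the address by its position between "from" and "port" instead; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count failed SSH password attempts per source IP address.
# The address is located as the token between "from" and "port", scanning
# from the end of the line, so a user name chosen by the client (including
# "invalid user NAME") cannot shift the column that is counted.
failed_ssh_by_ip() {
    # $1: path to the sshd log (auth.log or secure); no argument reads stdin
    awk '/Failed password/ {
        for (i = NF - 2; i > 0; i--)
            if ($i == "from" && $(i + 2) == "port") { print $(i + 1); break }
    }' "${1:--}" |
    sort | uniq -c | sort -k1,1nr -k2,2 |
    awk '{ print $1, $2 }'          # normalise to "COUNT IP"
}

# Constructed sample log lines (documentation addresses, not real data)
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:19 web1 sshd[2104]: Failed password for invalid user oracle from 203.0.113.7 port 40188 ssh2
Mar  3 10:02:40 web1 sshd[2110]: Failed password for root from 198.51.100.23 port 55210 ssh2
Mar  3 10:02:44 web1 sshd[2110]: Failed password for root from 198.51.100.23 port 55210 ssh2
Mar  3 10:03:02 web1 sshd[2115]: Accepted password for alice from 192.0.2.50 port 51000 ssh2
Mar  3 10:04:30 web1 sshd[2120]: Failed password for invalid user test from 192.0.2.50 port 51044 ssh2
EOF
}

# Demo on the sample; on a real host run: failed_ssh_by_ip /var/log/auth.log
sample_log | failed_ssh_by_ip
```

With a fixed `$11`, the three "invalid user" lines in this sample would be counted under the user names rather than under the source addresses.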

On newer Linux distributions you can query the runtime log maintained by the Systemd daemon with the journalctl command. To display all failed SSH login attempts, pipe its output through a grep filter, as shown in the command examples below.

# journalctl _SYSTEMD_UNIT=ssh.service | egrep "Failed|Failure"
# journalctl _SYSTEMD_UNIT=sshd.service | egrep "Failed|Failure"  #In RHEL, CentOS 

On CentOS or RHEL, replace the SSH daemon unit with sshd.service, as shown in the command examples below.

# journalctl _SYSTEMD_UNIT=sshd.service | grep "failure"
# journalctl _SYSTEMD_UNIT=sshd.service | grep "Failed"

Once you have identified the IP addresses that repeatedly hit your SSH server trying to log in to the system with suspicious user accounts, update your system's firewall rules to block these attacks.