happyZYM 在 发现有人用阿里云的机子企图爆破我的ssh 中发帖
如题,今天突然查日志发现有人企图爆破我的ssh
我运行命令:
logfile="/var/log/auth.log"
grep "sshd" $logfile | grep "Invalid user\|Connection closed\|Received disconnect\|key type ssh-rsa not in PubkeyAcceptedAlgorithms" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort | uniq -c | sort -nr
后,输出的前五行如下:
93 47.236.40.125
92 47.236.186.122
88 47.98.58.24
69 47.76.136.137
64 47.236.158.47
发现全是阿里云的