最近路由频繁嗝屁，然后想起来看看日志，这是不是被爆破了，要怎么整呢

水晶

最近路由频繁嗝屁，然后想起来看看日志，这是不是被爆破了，要怎么整呢


Sun May 15 01:16:24 2022 auth.info sshd[11944]: Received disconnect from 139.28.231.174 port 54266:11: Bye Bye [preauth]
Sun May 15 01:16:24 2022 auth.info sshd[11944]: Disconnected from invalid user vagrant 139.28.231.174 port 54266 [preauth]
Sun May 15 01:16:25 2022 auth.info sshd[11961]: Invalid user support from 139.28.231.174 port 54316
Sun May 15 01:16:25 2022 auth.err sshd[11961]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:25 2022 auth.info sshd[11961]: Failed password for invalid user support from 139.28.231.174 port 54316 ssh2
Sun May 15 01:16:25 2022 auth.info sshd[11961]: Received disconnect from 139.28.231.174 port 54316:11: Bye Bye [preauth]
Sun May 15 01:16:25 2022 auth.info sshd[11961]: Disconnected from invalid user support 139.28.231.174 port 54316 [preauth]
Sun May 15 01:16:27 2022 auth.info sshd[11978]: Invalid user debian from 139.28.231.174 port 54394
Sun May 15 01:16:27 2022 auth.err sshd[11978]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:27 2022 auth.info sshd[11978]: Failed password for invalid user debian from 139.28.231.174 port 54394 ssh2
Sun May 15 01:16:27 2022 auth.info sshd[11978]: Received disconnect from 139.28.231.174 port 54394:11: Bye Bye [preauth]
Sun May 15 01:16:27 2022 auth.info sshd[11978]: Disconnected from invalid user debian 139.28.231.174 port 54394 [preauth]
Sun May 15 01:16:29 2022 auth.info sshd[11998]: Invalid user ubuntu from 139.28.231.174 port 54524
Sun May 15 01:16:29 2022 auth.err sshd[11998]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:29 2022 auth.info sshd[11998]: Failed password for invalid user ubuntu from 139.28.231.174 port 54524 ssh2
Sun May 15 01:16:29 2022 auth.info sshd[11998]: Received disconnect from 139.28.231.174 port 54524:11: Bye Bye [preauth]
Sun May 15 01:16:29 2022 auth.info sshd[11998]: Disconnected from invalid user ubuntu 139.28.231.174 port 54524 [preauth]
Sun May 15 01:16:31 2022 auth.info sshd[12019]: Invalid user debian from 139.28.231.174 port 54646
Sun May 15 01:16:31 2022 auth.err sshd[12019]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:31 2022 auth.info sshd[12019]: Failed password for invalid user debian from 139.28.231.174 port 54646 ssh2
Sun May 15 01:16:31 2022 auth.info sshd[12019]: Received disconnect from 139.28.231.174 port 54646:11: Bye Bye [preauth]
Sun May 15 01:16:31 2022 auth.info sshd[12019]: Disconnected from invalid user debian 139.28.231.174 port 54646 [preauth]
Sun May 15 01:16:33 2022 auth.info sshd[12036]: Invalid user ubuntu from 139.28.231.174 port 54716
Sun May 15 01:16:33 2022 auth.err sshd[12036]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:33 2022 auth.info sshd[12036]: Failed password for invalid user ubuntu from 139.28.231.174 port 54716 ssh2
Sun May 15 01:16:33 2022 auth.info sshd[12036]: Received disconnect from 139.28.231.174 port 54716:11: Bye Bye [preauth]
Sun May 15 01:16:33 2022 auth.info sshd[12036]: Disconnected from invalid user ubuntu 139.28.231.174 port 54716 [preauth]
Sun May 15 01:16:34 2022 auth.info sshd[12072]: Invalid user alarm from 139.28.231.174 port 54788
Sun May 15 01:16:34 2022 auth.err sshd[12072]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:34 2022 auth.info sshd[12072]: Failed password for invalid user alarm from 139.28.231.174 port 54788 ssh2
Sun May 15 01:16:35 2022 auth.info sshd[12072]: Received disconnect from 139.28.231.174 port 54788:11: Bye Bye [preauth]
Sun May 15 01:16:35 2022 auth.info sshd[12072]: Disconnected from invalid user alarm 139.28.231.174 port 54788 [preauth]
Sun May 15 01:16:36 2022 auth.info sshd[12093]: Invalid user guest from 139.28.231.174 port 54854
Sun May 15 01:16:36 2022 auth.err sshd[12093]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:36 2022 auth.info sshd[12093]: Failed password for invalid user guest from 139.28.231.174 port 54854 ssh2
Sun May 15 01:16:36 2022 auth.info sshd[12093]: Received disconnect from 139.28.231.174 port 54854:11: Bye Bye [preauth]
Sun May 15 01:16:36 2022 auth.info sshd[12093]: Disconnected from invalid user guest 139.28.231.174 port 54854 [preauth]
Sun May 15 01:16:38 2022 auth.info sshd[12110]: Invalid user test from 139.28.231.174 port 54934
Sun May 15 01:16:38 2022 auth.err sshd[12110]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:38 2022 auth.info sshd[12110]: Failed password for invalid user test from 139.28.231.174 port 54934 ssh2
Sun May 15 01:16:38 2022 auth.info sshd[12110]: Received disconnect from 139.28.231.174 port 54934:11: Bye Bye [preauth]
Sun May 15 01:16:38 2022 auth.info sshd[12110]: Disconnected from invalid user test 139.28.231.174 port 54934 [preauth]
Sun May 15 01:16:39 2022 auth.info sshd[12127]: Invalid user cirros from 139.28.231.174 port 55040
Sun May 15 01:16:39 2022 auth.err sshd[12127]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:39 2022 auth.info sshd[12127]: Failed password for invalid user cirros from 139.28.231.174 port 55040 ssh2
Sun May 15 01:16:40 2022 auth.info sshd[12127]: Received disconnect from 139.28.231.174 port 55040:11: Bye Bye [preauth]
Sun May 15 01:16:40 2022 auth.info sshd[12127]: Disconnected from invalid user cirros 139.28.231.174 port 55040 [preauth]
Sun May 15 01:16:41 2022 auth.info sshd[12151]: Invalid user cirros from 139.28.231.174 port 55146
Sun May 15 01:16:41 2022 auth.err sshd[12151]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:41 2022 auth.info sshd[12151]: Failed password for invalid user cirros from 139.28.231.174 port 55146 ssh2
Sun May 15 01:16:42 2022 auth.info sshd[12151]: Received disconnect from 139.28.231.174 port 55146:11: Bye Bye [preauth]
Sun May 15 01:16:42 2022 auth.info sshd[12151]: Disconnected from invalid user cirros 139.28.231.174 port 55146 [preauth]
Sun May 15 01:30:30 2022 auth.err sshd[13587]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 01:30:30 2022 auth.info sshd[13587]: Connection closed by 141.98.10.175 port 33620
Sun May 15 01:30:51 2022 auth.info sshd[13647]: Unable to negotiate with 141.98.10.175 port 44480: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 01:52:20 2022 auth.err sshd[15897]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 01:52:20 2022 auth.info sshd[15897]: Connection closed by 46.19.139.42 port 37972
Sun May 15 01:52:46 2022 auth.info sshd[15961]: Unable to negotiate with 46.19.139.42 port 39262: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:06:00 2022 auth.info sshd[17340]: Failed password for root from 111.67.207.224 port 53594 ssh2
Sun May 15 02:06:00 2022 auth.info sshd[17340]: Received disconnect from 111.67.207.224 port 53594:11:  [preauth]
Sun May 15 02:06:00 2022 auth.info sshd[17340]: Disconnected from authenticating user root 111.67.207.224 port 53594 [preauth]
Sun May 15 02:07:41 2022 auth.err sshd[17534]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:07:41 2022 auth.info sshd[17534]: Connection closed by 46.19.139.42 port 58978
Sun May 15 02:07:57 2022 auth.info sshd[17571]: Unable to negotiate with 46.19.139.42 port 54886: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:15:42 2022 auth.err sshd[18406]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:15:42 2022 auth.info sshd[18406]: Connection closed by 141.98.10.157 port 34988
Sun May 15 02:22:17 2022 auth.info sshd[19101]: Failed password for root from 111.67.207.224 port 55102 ssh2
Sun May 15 02:22:17 2022 auth.info sshd[19101]: Received disconnect from 111.67.207.224 port 55102:11:  [preauth]
Sun May 15 02:22:17 2022 auth.info sshd[19101]: Disconnected from authenticating user root 111.67.207.224 port 55102 [preauth]
Sun May 15 02:24:15 2022 auth.err sshd[19324]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:24:15 2022 auth.info sshd[19324]: Connection closed by 157.245.102.177 port 43646
Sun May 15 02:27:10 2022 auth.err sshd[19650]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:27:10 2022 auth.info sshd[19650]: Connection closed by 179.43.167.74 port 45408
Sun May 15 02:27:26 2022 auth.info sshd[19687]: Unable to negotiate with 179.43.167.74 port 42448: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:27:42 2022 auth.info sshd[19737]: Unable to negotiate with 179.43.167.74 port 36070: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:32:29 2022 auth.err sshd[20231]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:32:29 2022 auth.info sshd[20231]: Connection closed by 20.91.186.105 port 41428
Sun May 15 02:32:53 2022 auth.info sshd[20291]: Unable to negotiate with 20.91.186.105 port 48408: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:32:59 2022 auth.info sshd[20315]: Unable to negotiate with 20.91.186.105 port 57958: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:05 2022 auth.info sshd[20355]: Unable to negotiate with 20.91.186.105 port 39280: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:12 2022 auth.info sshd[20387]: Unable to negotiate with 20.91.186.105 port 48830: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:20 2022 auth.info sshd[20418]: Unable to negotiate with 20.91.186.105 port 58382: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:27 2022 auth.info sshd[20442]: Unable to negotiate with 20.91.186.105 port 39708: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:34 2022 auth.info sshd[20466]: Unable to negotiate with 20.91.186.105 port 49264: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:42 2022 auth.info sshd[20506]: Unable to negotiate with 20.91.186.105 port 58820: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:49 2022 auth.info sshd[20533]: Unable to negotiate with 20.91.186.105 port 40138: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:57 2022 auth.info sshd[20561]: Unable to negotiate with 20.91.186.105 port 49698: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:05 2022 auth.info sshd[20601]: Unable to negotiate with 20.91.186.105 port 59248: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:13 2022 auth.info sshd[20625]: Unable to negotiate with 20.91.186.105 port 40566: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:20 2022 auth.info sshd[20656]: Unable to negotiate with 20.91.186.105 port 50126: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:32 2022 auth.info sshd[20683]: Unable to negotiate with 20.91.186.105 port 59678: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:37 2022 auth.info sshd[20720]: Unable to negotiate with 20.91.186.105 port 41008: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:45 2022 auth.info sshd[20751]: Unable to negotiate with 20.91.186.105 port 50568: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:54 2022 auth.info sshd[20775]: Unable to negotiate with 20.91.186.105 port 60122: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:35:03 2022 auth.info sshd[20806]: Unable to negotiate with 20.91.186.105 port 41448: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:35:11 2022 auth.info sshd[20846]: Unable to negotiate with 20.91.186.105 port 51002: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:35:20 2022 auth.info sshd[20873]: Unable to negotiate with 20.91.186.105 port 60554: no matching key exchange method found. Their offer: diffie-

EXIA文

是遭到了攻击，直接开启了外部ssh？首先把外部进来的ping禁用掉，然后把ssh映射成高位端口或者不映射

atkun

被爆破了  不要暴露在公网就好了

jjit

用不到远程ssh的话，系统，管理权，SSH 访问，接口 选择 lan，端口号也可以改一下

gaze

被攻击ssh端口很正常…
你没必要的话，
就不要把ssh端口在外网暴露。

实在有需要就禁用密码登录，
只使用公钥证书登录，

再有就是把端口设置在30000-50000左右，
尽量给攻击者增加难度。

avin4

有远程ssh需求，最好是先连微批恩建立局域网环境，然后再连ssh

水晶

gaze 发表于 2022-5-15 10:07
被攻击ssh端口很正常…
你没必要的话，
就不要把ssh端口在外网暴露。

嗯，我尝试修改下，

水晶

gaze 发表于 2022-5-15 10:07
被攻击ssh端口很正常…
你没必要的话，
就不要把ssh端口在外网暴露。

按照这个思路，我改了端口，取消了密码登陆，用了秘钥，然后在看看会不会有连接。

gaze

水晶 发表于 2022-5-15 11:59
按照这个思路，我改了端口，取消了密码登陆，用了秘钥，然后在看看会不会有连接。

有肯定还是有的，
但是你不必担心了。
现在的RSA公钥体系，
估计黑客得算个几百年才能破解…^_^

水晶

gaze 发表于 2022-5-15 16:39
有肯定还是有的，
但是你不必担心了。
现在的RSA公钥体系，

没解决 ，还是有，但是这样的话 日志会被堆满，然后  要不了一天我路由就假死，我需要重启，哎搞一天了

gaze

你这是固定ip吗？
这么招惹黑客？

如果是动态ip，不至于吧？

实在不行如果你非要对外开ssh服务的话，可以考虑『敲端口』方式…

水晶

gaze 发表于 2022-5-15 22:24
你这是固定ip吗？
这么招惹黑客？

不是，我是拨号的，问题是重播，要不了多长时间就有了，ssh基本不用，关不掉。我吧drop哪一样禁止了，还是会有。所以我都纳闷了。

水晶

gaze 发表于 2022-5-15 22:24
你这是固定ip吗？
这么招惹黑客？

我现在是直接把防火墙里的 入站数据拒绝了，不知道会有什么影响

gaze

至于LOG爆满问题，
你可以修改sshd_config里面的

SyslogFacility AUTH
LogLevel INFO

把log的水平改为QUIET从而不记录sshd的log

这样就不会把你的系统日志撑满了。

gaze

黑客攻击，不用管它，
没有证书的登录，sshd直接就拒绝了，，，根本就没有可能攻入你的路由器。

实在嫌烦，
可以设置失败次数和禁止时间，
缺省好像是3次，然后禁止2分钟…

你可以改为失败2次，禁止15分钟…

如此一来，
没啥黑客会对你这个ip地址有兴趣了…