ÇØÅ·½Ãµµ

   Á¶È¸ 3214   Ãßõ 0    

 

218.92.1.131

178.118.158.229

14.33.133.188

177.79.4.173

177.79.8.25

179.242.37.9

218.92.1.131


특정 ip 에서 계속 로그인 시도를 하네요.


Jun 11 19:44:14 localhost sshd[32108]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:44:57 localhost sshd[3928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:44:57 localhost sshd[3928]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:44:59 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2

Jun 11 19:44:59 localhost sshd[3928]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:45:01 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2

Jun 11 19:45:01 localhost sshd[3928]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:45:03 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2

Jun 11 19:45:03 localhost sshd[3928]: Received disconnect from 218.92.1.131 port 49285:11:  [preauth]

Jun 11 19:45:03 localhost sshd[3928]: Disconnected from 218.92.1.131 port 49285 [preauth]

Jun 11 19:45:03 localhost sshd[3928]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:46:10 localhost sshd[4021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:46:10 localhost sshd[4021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:46:12 localhost sshd[4021]: Failed password for root from 218.92.1.131 port 54866 ssh2

Jun 11 19:46:12 localhost sshd[4021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:46:14 localhost sshd[4021]: Failed password for root from 218.92.1.131 port 54866 ssh2

Jun 11 19:46:14 localhost sshd[4021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:46:16 localhost sshd[4021]: Failed password for root from 218.92.1.131 port 54866 ssh2

Jun 11 19:46:17 localhost sshd[4021]: Received disconnect from 218.92.1.131 port 54866:11:  [preauth]

Jun 11 19:46:17 localhost sshd[4021]: Disconnected from 218.92.1.131 port 54866 [preauth]

Jun 11 19:46:17 localhost sshd[4021]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:47:08 localhost sshd[4207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:47:08 localhost sshd[4207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:47:10 localhost sshd[4207]: Failed password for root from 218.92.1.131 port 29967 ssh2

Jun 11 19:47:11 localhost sshd[4207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:47:13 localhost sshd[4207]: Failed password for root from 218.92.1.131 port 29967 ssh2

Jun 11 19:47:13 localhost sshd[4207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:47:15 localhost sshd[4207]: Failed password for root from 218.92.1.131 port 29967 ssh2

Jun 11 19:47:15 localhost sshd[4207]: Received disconnect from 218.92.1.131 port 29967:11:  [preauth]

Jun 11 19:47:15 localhost sshd[4207]: Disconnected from 218.92.1.131 port 29967 [preauth]

Jun 11 19:47:15 localhost sshd[4207]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:48:14 localhost sshd[4294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:48:14 localhost sshd[4294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:48:16 localhost sshd[4294]: Failed password for root from 218.92.1.131 port 53581 ssh2

Jun 11 19:48:16 localhost sshd[4294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:48:18 localhost sshd[4294]: Failed password for root from 218.92.1.131 port 53581 ssh2

Jun 11 19:48:18 localhost sshd[4294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Jun 11 19:48:20 localhost sshd[4294]: Failed password for root from 218.92.1.131 port 53581 ssh2

Jun 11 19:48:21 localhost sshd[4294]: Received disconnect from 218.92.1.131 port 53581:11:  [preauth]

Jun 11 19:48:21 localhost sshd[4294]: Disconnected from 218.92.1.131 port 53581 [preauth]

Jun 11 19:48:21 localhost sshd[4294]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:48:50 localhost su: pam_unix(su-l:session): session opened for user root by pluton(uid=0)

Jun 11 19:49:10 localhost sshd[4374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131  user=root

Jun 11 19:49:10 localhost sshd[4374]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"



이거 해석좀 해 주세요.


이지포토
ªÀº±Û Àϼö·Ï ½ÅÁßÇÏ°Ô.
¾Æ¿¹ ssh¸ðµå¸¦ Â÷´ÜÇϼ¼¿ä.
¹°·Ð ƯÁ¤ip¸¸ °¡´ÉÇϵµ·Ï ÇÏ°í,
Åë½ÅÆ÷Æ® ¿ª½Ã ¹Ù²Ù¾î ¹ö¸®¼¼¿ä.
ÀüÇô »ç¿ëÇÏÁö ¾Ê´Â ÀڽŸ¸ÀÇ Æ÷Æ®·Î...
¿¹¸¦µé¸é º»ÀÎ »ýÀÏ °°Àº 4ÀÚ¸® ¼ýÀÚ·Î...
Revione 2019-06
¹«ÀÛÀ§ ssh ÀÎÁõ½Ãµµ º¿ °°Àº°Ô µµ³ª º¸³×¿ä.
¿ø°ÝÁö ÁöÁ¤ÇÑ iptables ¼³Á¤ ¹× sshÆ÷Æ® ¹Ù²Ù¸é º¸Åë Å« ¹®Á¦ ¾ø½À´Ï´Ù.
´õ ¾ÈÀüÇÑ°É ¿øÇϽøé ÄÁÅ×À̳ʳª, ³»ºÎ »ç¼³¸ÁÀ» ¹Ú°í NAT / Æ÷Æ® Æ÷¿öµù°°Àº°Å ÇÏ¸é ½Ãµµ ·Î±×Á¶Â÷ °ÅÀÇ ¾È »ý°Ü¼­ ±ò²ûÇϱä ÇÕ´Ï´Ù...
fail2ban ¼³Ä¡ÇϽñ⠹ٶø´Ï´Ù.
±¸±Û OTP¸¦ ¼³Á¤Çصδ °Íµµ ÁÁ½À´Ï´Ù.
¾Æ´Ï¸é Æнº¿öµå ´ë½Å "ÀÎÁõ¼­Å°"°ªÀ¸·Î¸¸ ·Î±×ÀÎ µÇµµ·Ï ¹Ù²Ù´Â °Íµµ ¹æ¹ýÀÌ°í..
22¹ø Æ÷Æ®¸¦ ´Ù¸¥ °É·Î ¾Æ¿¹ ¹Ù²Ù´Â °Íµµ ¹æ¹ýÀÔ´Ï´Ù.


QnA