Config /etc/ssh/sshd_config

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

On 29 September 2014 at 12:29, Людмила Бандурина <bigdogs...@gmail.com> wrote:

> hosts.allow
>
> sendmail: all
> # /etc/hosts.allow: list of hosts that are allowed to access the system.
> #                   See the manual pages hosts_access(5) and hosts_options(5).
> #
> # Example:    ALL: LOCAL @some_netgroup
> #             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
> #
> # If you're going to protect the portmapper use the name "portmap" for the
> # daemon name. Remember that you can only use the keyword "ALL" and IP
> # addresses (NOT host or domain names) for the portmapper, as well as for
> # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
> # for further information.
> #
>
> Email from logwatch
>
> --------------------- SSHD Begin ------------------------
>
> Illegal users from:
>    undef: 53 times
>    61.183.1.14: 11 times
>    122.225.109.116: 1 time
>    122.225.109.194: 1 time
>    122.225.109.195: 1 time
>    122.225.109.197: 1 time
>    193.238.157.34 (shadow.charon.at): 26 times
>    212.129.56.29 (212-129-56-29.rev.poneytelecom.eu): 12 times
>
> Users logging in through sshd:
>    root:
>       83.220.237.97: 3 times
>       83.220.237.40: 2 times
>
> Received disconnect:
>    11: Bye Bye [preauth] : 103 Time(s)
>    11: disconnected by user : 5 Time(s)
>    3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 15 Time(s)
>
> Refused incoming connections:
>    193.238.157.34 (193.238.157.34): 2 Time(s)
>    212.129.56.29 (212.129.56.29): 1 Time(s)
>    27.254.33.142 (27.254.33.142): 12 Time(s)
>    61.183.1.14 (61.183.1.14): 1 Time(s)
>
> ---------------------- SSHD End -------------------------
>
> iptables -L -v
>
> Chain INPUT (policy ACCEPT 74600 packets, 48M bytes)
>  pkts bytes target prot opt in  out source                                             destination
>     0     0 DROP   all  --  any any 175.42.0.0/16                                      anywhere
>    15   600 DROP   all  --  any any 122.225.0.0/16                                     anywhere
>    12   480 DROP   all  --  any any 0.0.174.61.dial.tz.zj.dynamic.163data.com.cn/16    anywhere
>   104  5268 DROP   all  --  any any 222.77.0.0/16                                      anywhere
>     3   152 DROP   all  --  any any 0.0.40.120.broad.fz.fj.dynamic.163data.com.cn/16   anywhere
>    26  1348 DROP   all  --  any any 0.0.25.117.broad.fz.fj.dynamic.163data.com.cn/16   anywhere
>     0     0 DROP   all  --  any any 110.80.0.0/16                                      anywhere
>     6   304 DROP   all  --  any any 0.0.161.220.broad.zz.fj.dynamic.163data.com.cn/16  anywhere
>     0     0 DROP   all  --  any any 0.0.207.121.broad.qz.fj.dynamic.163data.com.cn/16  anywhere
>     0     0 DROP   all  --  any any 0.0.58.59.broad.np.fj.dynamic.163data.com.cn/16    anywhere
>     0     0 DROP   all  --  any any 125.77.0.0/16                                      anywhere
>   107  5452 DROP   all  --  any any 0.0.85.110.broad.qz.fj.dynamic.163data.com.cn/16   anywhere
>   114  5928 DROP   all  --  any any 0.0.84.110.broad.xm.fj.dynamic.163data.com.cn/16   anywhere
>    57  2920 DROP   all  --  any any 0.0.205.121.broad.qz.fj.dynamic.163data.com.cn/16  anywhere
>     3   152 DROP   all  --  any any 0.0.76.222.broad.fz.fj.dynamic.163data.com.cn/16   anywhere
>    48  2496 DROP   all  --  any any 0.0.87.110.broad.xm.fj.dynamic.163data.com.cn/16   anywhere
>    35  1804 DROP   all  --  any any 0.0.78.125.broad.qz.fj.dynamic.163data.com.cn/16   anywhere
>    45  2340 DROP   all  --  any any 0.0.32.120.broad.fz.fj.dynamic.163data.com.cn/16   anywhere
>    24  1216 DROP   all  --  any any 0.0.83.110.broad.fz.fj.dynamic.163data.com.cn/16   anywhere
>   284 14312 DROP   all  --  any any 27.150.0.0/16                                      anywhere
>     0     0 DROP   all  --  any any 0.0.125.76.gs.dail.jqgt.dynamic.163data.com.cn/16  anywhere
>   185  9424 DROP   all  --  any any 27.153.0.0/16                                      anywhere
>    93  4712 DROP   all  --  any any 0.0.89.110.broad.pt.fj.dynamic.163data.com.cn/16   anywhere
>     6   304 DROP   all  --  any any 0.0.204.121.board.fz.fj.dynamic.163data.com.cn/16  anywhere
>     0     0 DROP   all  --  any any 120.36.0.0/16                                      anywhere
>    45  2280 DROP   all  --  any any 0.0.33.120.broad.qz.fj.dynamic.163data.com.cn/16   anywhere
>     0     0 DROP   all  --  any any 59.60.0.0/16                                       anywhere
>    75  3800 DROP   all  --  any any 0.0.26.117.broad.qz.fj.dynamic.163data.com.cn/16   anywhere
>     0     0 DROP   all  --  any any 0.0.154.27.broad.xm.fj.dynamic.163data.com.cn/16   anywhere
>   243 12312 DROP   all  --  any any 0.0.159.27.broad.xm.fj.dynamic.163data.com.cn/16   anywhere
>     0     0 DROP   all  --  any any 0.82.30.117.broad.xm.fj.dynamic.163data.com.cn/24  anywhere
>     0     0 DROP   all  --  any any 0.29.154.27.broad.xm.fj.dynamic.163data.com.cn/24  anywhere
>     0     0 DROP   all  --  any any 0.125.79.222.broad.xm.fj.dynamic.163data.com.cn/24 anywhere
>     0     0 DROP   all  --  any any 0.125.79.222.broad.xm.fj.dynamic.163data.com.cn/24 anywhere
>     0     0 DROP   all  --  any any 87.125.79.222.broad.xm.fj.dynamic.163data.com.cn   anywhere
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target prot opt in  out source                                             destination
>
> Chain OUTPUT (policy ACCEPT 93209 packets, 124M bytes)
>  pkts bytes target prot opt in  out source                                             destination
>
>
> --
> Best regards, Людмила
>
>
> On 29 September 2014 at 12:17, Alan Holt <berber...@gmail.com> wrote:
>
>> There is a mistake somewhere; attach the full iptables output and the log.
>> This also happens when the ssh daemon and the firewall chains are misconfigured.
>>
>> Also use /etc/hosts.allow.
>>
>> 2014-09-29 11:04 GMT+03:00 Людмила Бандурина <bigdogs...@gmail.com>:
>>
>>> Good afternoon,
>>>
>>> No, there are no allow rules in the list, only a few more of the same
>>> deny rules for Chinese subnets.
>>>
>>> On 28 September 2014 at 20:42, Dmitry Agafonov <agafonovdmi...@gmail.com> wrote:
>>>
>>>> Good afternoon!
>>>>
>>>> One rule tells you nothing. Look at the counters and the numbering (-v);
>>>> perhaps nothing matches the rule at all and the traffic is being handled
>>>> by some allow rule higher up the list.
>>>>
>>>> On 28 September 2014 at 19:55, Людмила Бандурина <bigdogs...@gmail.com> wrote:
>>>>
>>>>> Hello everyone!
>>>>>
>>>>> iptables has the following:
>>>>> Chain INPUT (policy ACCEPT)
>>>>> target     prot opt source               destination
>>>>> DROP       all  --  122.225.0.0/16       anywhere
>>>>>
>>>>> Nevertheless, in the logwatch email I see
>>>>>
>>>>> Illegal users from:
>>>>>    122.225.109.116: 1 time
>>>>>    122.225.109.194: 1 time
>>>>>    122.225.109.195: 1 time
>>>>>    122.225.109.197: 1 time
>>>>>
>>>>> Why? If access is blocked by the firewall, surely these attempts should
>>>>> be in the Refused incoming connections section, shouldn't they?
>>>>>
>>>>> --
>>>>> Best regards, Людмила
>>>>
>>>>
>>>> --
>>>> Dmitry Agafonov ~ http://agafonov.pp.ru/
>>>
>>>
>>> --
>>> Best regards, Людмила
>>
>>
>> --
>> Best regards.
>> Alex Berber
>> +9 72 54 285 952 3
>> www.linuxspace.org <http://www.linuxspace.org/>
>
>
> --
> Best regards, Людмила

--
Best regards, Людмила

--
ubuntu-ru mailing list
ubuntu-ru@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-ru
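A defender-side check for the question raised in this thread, added here as an example and not code from any participant: a packet dropped by netfilter never reaches sshd, so it produces no sshd log line at all, while "Refused incoming connections" is sshd's tcp_wrappers (hosts.deny) refusal of a TCP connection that was already accepted. Cross-checking the logwatch "Illegal users from" addresses against the DROP rules therefore tells you whether a logged attempt predates the rule that now covers it. The script assumes the numeric output of `iptables -L INPUT -v -n` (so the source column holds CIDRs rather than reverse-DNS names as in the `-L -v` listing above); the sample lines and rules are constructed from the figures quoted in the thread.

```python
import ipaddress
import re

# Constructed sample modelled on the logwatch section quoted in the thread.
LOGWATCH_SAMPLE = """\
Illegal users from:
   undef: 53 times
   122.225.109.116: 1 time
   122.225.109.194: 1 time
   193.238.157.34 (shadow.charon.at): 26 times
"""

# Constructed sample of `iptables -L INPUT -v -n` (numeric, so no reverse DNS in 'source').
IPTABLES_SAMPLE = """\
Chain INPUT (policy ACCEPT 74600 packets, 48M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       175.42.0.0/16        0.0.0.0/0
   15   600 DROP       all  --  *      *       122.225.0.0/16       0.0.0.0/0
"""

# "<ip> [(hostname)]: <n> time(s)"; the 'undef' line carries no IP and is skipped.
LOGWATCH_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)(?:\s+\([^)]*\))?:\s+(\d+)\s+times?", re.M)
# pkts bytes DROP prot opt in out source ...
DROP_RULE_RE = re.compile(r"^\s*(\d+)\s+\S+\s+DROP\s+\S+\s+\S+\s+\S+\s+\S+\s+(\S+)\s", re.M)

def parse_logwatch(text):
    """Return {ip: attempts} from the 'Illegal users from' section."""
    return {ip: int(n) for ip, n in LOGWATCH_RE.findall(text)}

def parse_drop_rules(text):
    """Return [(network, packets_matched)] for every DROP rule, in chain order."""
    return [(ipaddress.ip_network(src, strict=False), int(pkts))
            for pkts, src in DROP_RULE_RE.findall(text)]

def classify(offenders, rules):
    """Map each offending IP to the first DROP rule covering it (None if unblocked).
    A netfilter DROP leaves nothing for sshd to log, so an IP that is covered by a
    rule yet still appears in the log was logged before that rule took effect."""
    report = {}
    for ip, attempts in offenders.items():
        addr = ipaddress.ip_address(ip)
        hit = next(((str(net), pkts) for net, pkts in rules if addr in net), None)
        report[ip] = {"attempts": attempts, "drop_rule": hit}
    return report

if __name__ == "__main__":
    for ip, info in classify(parse_logwatch(LOGWATCH_SAMPLE), parse_drop_rules(IPTABLES_SAMPLE)).items():
        rule = info["drop_rule"]
        state = f"covered by DROP {rule[0]} ({rule[1]} packets dropped)" if rule else "not covered by any DROP rule"
        print(f"{ip}: {info['attempts']} attempt(s), {state}")
```

An address reported as "not covered" (such as 193.238.157.34 here) is one the firewall is not blocking at all, which is where hosts.deny or a new DROP rule would apply.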