Today I checked my sshd logs and found a lot of lines like these:
Oct 12 12:31:34 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:37 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:39 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:41 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:45 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:53 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:31:55 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:31:57 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:31:59 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:32:01 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:32:04 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:32:09 my_user sshd[15329]: Failed password for invalid user admin from 104.194.25.135 port 1793 ssh2
Oct 12 12:32:12 my_user sshd[15329]: Failed password for invalid user admin from 104.194.25.135 port 1793 ssh2
Oct 12 12:32:14 my_user sshd[15329]: Failed password for invalid user admin from 104.194.25.135 port 1793 ssh2
I was wondering whether it is possible to ask SSH to log the password they tried as well as the username.
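No, OpenSSH cannot do this. You can modify the source code, but for this kind of research it is usually very useful to set up a honeypot such as kippo. If attackers successfully get into the server, you will be able to see what they are doing.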
You can take a look at this good article: http://www.adeptus-mechanicus.com/codex/logsshp/logsshp.html It covers another option: using a non-standard PAM module to log passwords.
Another article, about a Python PAM module: http://www.chokepoint.net/2014/01/more-fun-with-pam-python-failed.html
I ended up writing the PAM module in Python, because Python is what I personally know. A honeypot was a bit overkill for me.
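As an added example (not part of the original thread): the stock log lines in the question carry only the user name, source address and port, but that is enough to summarize failures per source and per connection. The function names and the two 203.0.113.7 sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# The user name is client-supplied and may contain spaces, so match it greedily
# and anchor on the fixed trailing fields (address, port, "ssh2").
FAILED_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port (?P<port>\d+) ssh2$"
)

# The first five lines are taken from the excerpt in the question; the last two
# (203.0.113.7, a documentation address) are constructed for this example.
SAMPLE_LOG = """\
Oct 12 12:31:41 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:45 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:53 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:31:55 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:32:09 my_user sshd[15329]: Failed password for invalid user admin from 104.194.25.135 port 1793 ssh2
Oct 12 12:40:02 my_user sshd[15401]: Failed password for root from 203.0.113.7 port 40022 ssh2
Oct 12 12:40:06 my_user sshd[15401]: Connection closed by 203.0.113.7 port 40022 [preauth]
"""

def summarize(log_text):
    """Group failed password attempts by source address."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(),
                                 "connections": defaultdict(int)})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line.strip())
        if m is None:
            continue  # not a failed-password line
        entry = stats[m["ip"]]
        entry["attempts"] += 1
        # Record whether sshd reported the account as nonexistent.
        entry["users"].add((m["user"], m["invalid"] is not None))
        # One sshd child (pid) and one client port per TCP connection.
        entry["connections"][(m["pid"], m["port"])] += 1
    return stats

def noisy_sources(stats, threshold):
    """Source addresses with at least `threshold` failed attempts."""
    return sorted(ip for ip, e in stats.items() if e["attempts"] >= threshold)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in noisy_sources(stats, threshold=3):
        e = stats[ip]
        print(ip, e["attempts"], "failures over", len(e["connections"]), "connections")
```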