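Explanation of the SSH MaxAuthTries parameter

Description:
While looking into how to limit SSH login attempts against a server, I saw a suggestion to change the MaxAuthTries parameter in the /etc/ssh/sshd_config configuration file. But this parameter actually limits how many passwords an SSH client can try in a single connection to the server. I found a description of it, as follows: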
Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6.

Implementation:
For MaxAuthTries to take effect, both the SSH server and the SSH client have to be changed.
1. Modify the SSH server

# vim /etc/ssh/sshd_config
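#MaxAuthTries 6  //The system default is 6. Change it as needed, e.g. to 2 or another value. Remember to remove the # and restart sshd for the change to take effect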

 
2. Modify the SSH client

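# ssh -o NumberOfPasswordPrompts=8 carl@192.168.2.200  //-o NumberOfPasswordPrompts sets how many passwords can be tried in one connection. The default is 3, i.e. 3 passwords can be entered per connection, but with that default there is no way to observe the effect of MaxAuthTries 6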
carl@192.168.2.200's password: 
Permission denied, please try again.
carl@192.168.2.200's password: 
Permission denied, please try again.
carl@192.168.2.200's password: 
Permission denied, please try again.
carl@192.168.2.200's password: 
Permission denied, please try again.
carl@192.168.2.200's password: 
Permission denied, please try again.
carl@192.168.2.200's password: 
Received disconnect from 192.168.2.200: 2: Too many authentication failures for carl

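As you can see, the system disconnects after 6 attempts. If fewer attempts are wanted, change MaxAuthTries from step 1 to 2 or another value.

Of course, this can also be done through the ssh client configuration file, though I have not tried that!

# vim /etc/ssh/ssh_config  //Append the following at the end; I have not tried this.
NumberOfPasswordPrompts 8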

 
Appendix:
For cases like the following, where several passwords are tried in one ssh connection, this does have some effect:

Jan  4 03:42:13 VM_*_*_centos sshd[16678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.109.117  user=root
Jan  4 03:42:14 VM_*_*_centos sshd[16809]: Failed password for root from 122.225.109.117 port 59570 ssh2
Jan  4 03:42:15 VM_*_*_centos sshd[16678]: Failed password for root from 122.225.109.117 port 58205 ssh2
Jan  4 03:42:16 VM_*_*_centos sshd[16678]: Failed password for root from 122.225.109.117 port 58205 ssh2
Jan  4 03:42:17 VM_*_*_centos sshd[16809]: Failed password for root from 122.225.109.117 port 59570 ssh2
Jan  4 03:42:19 VM_*_*_centos sshd[16809]: Failed password for root from 122.225.109.117 port 59570 ssh2
Jan  4 03:42:23 VM_*_*_centos sshd[16678]: Failed password for root from 122.225.109.117 port 58205 ssh2
Jan  4 03:42:27 VM_*_*_centos sshd[16810]: Disconnecting: Too many authentication failures for root

 
But for cases like this, where each ssh connection tries only 1 password, it does not seem to have much effect.

Jan  6 09:58:09 VM_*_*_centos sshd[13825]: Failed password for root from 61.147.103.152 port 35896 ssh2
Jan  6 09:58:09 VM_*_*_centos sshd[13826]: Received disconnect from 61.147.103.152: 11: Normal Shutdown, Thank you for playing
Jan  6 09:58:10 VM_*_*_centos sshd[13827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.147.103.152  user=root
Jan  6 09:58:12 VM_*_*_centos sshd[13827]: Failed password for root from 61.147.103.152 port 36516 ssh2
Jan  6 09:58:12 VM_*_*_centos sshd[13828]: Received disconnect from 61.147.103.152: 11: Normal Shutdown, Thank you for playing
Jan  6 09:58:12 VM_*_*_centos sshd[13829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.147.103.152  user=root
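
The two log patterns above can be told apart by counting failed logins both per connection and per source address. The following is an added example, not part of the original post: the log lines are constructed in the format shown above using documentation-range addresses, and the function names and the threshold of 4 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd log format shown above (documentation IPs).
SAMPLE_LOG = """\
Jan  4 03:42:15 host sshd[16678]: Failed password for root from 203.0.113.10 port 58205 ssh2
Jan  4 03:42:16 host sshd[16678]: Failed password for root from 203.0.113.10 port 58205 ssh2
Jan  4 03:42:17 host sshd[16678]: Failed password for root from 203.0.113.10 port 58205 ssh2
Jan  4 03:42:19 host sshd[16678]: Failed password for root from 203.0.113.10 port 58205 ssh2
Jan  4 03:42:21 host sshd[16678]: Failed password for root from 203.0.113.10 port 58205 ssh2
Jan  4 03:42:23 host sshd[16678]: Failed password for root from 203.0.113.10 port 58205 ssh2
Jan  6 09:58:09 host sshd[13825]: Failed password for root from 198.51.100.7 port 35896 ssh2
Jan  6 09:58:12 host sshd[13827]: Failed password for root from 198.51.100.7 port 36516 ssh2
Jan  6 09:58:15 host sshd[13829]: Failed password for root from 198.51.100.7 port 37102 ssh2
Jan  6 09:58:18 host sshd[13831]: Failed password for root from 198.51.100.7 port 37744 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port (\d+)")

def summarize(lines):
    """Per source IP: total failures, number of connections, worst single connection."""
    per_conn = defaultdict(lambda: defaultdict(int))  # ip -> source port -> failures
    for line in lines:
        m = FAILED.search(line)
        if m:
            ip, port = m.groups()
            # Assumption: within a short log window a source port marks one connection.
            per_conn[ip][port] += 1
    return {
        ip: {
            "failures": sum(ports.values()),
            "connections": len(ports),
            "max_per_connection": max(ports.values()),
        }
        for ip, ports in per_conn.items()
    }

def under_the_limit(stats, max_auth_tries=6, threshold=4):
    """IPs with many failures overall that never reach MaxAuthTries in one connection."""
    return sorted(
        ip for ip, s in stats.items()
        if s["failures"] >= threshold and s["max_per_connection"] < max_auth_tries
    )

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip, s in stats.items():
        print(ip, s)
    print("never hit MaxAuthTries:", under_the_limit(stats))
```

Addresses reported by under_the_limit are the ones a per-connection limit does not slow down, so they need a control that counts per source address across connections.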
