Linux: view the IPs brute-forcing SSH on your server

Time:2020-10-6

On a server exposed to the public network, you will often find someone brute-forcing port 22 in order to use the server for mining or other purposes.

In this case, the correct approach is to:

  1. Change the default SSH port 22
  2. Log in with a key, or restrict logins to whitelisted IPs
  3. Use a complex server password
  4. Create a normal user for logging in to the server (root has too much privilege)
  5. Build a bastion host to manage the servers in one place

 

Count the brute-forcing IPs

[[email protected]_Node-1 ~]# find /var/log -name 'secure*' -type f | while read -r line; do awk '/Failed/{print $(NF-3)}' "$line"; done | awk '{a[$0]++} END{for (j in a) if (a[j] > 20) print j"="a[j]}' | sort -n -t'=' -k 2

Use this command to count how many IP addresses are brute-forcing your server. It prints every IP with more than 20 failed attempts, sorted by count.

 

Demonstration

[[email protected]_Node-1 ~]# find /var/log -name 'secure*' -type f | while read -r line; do awk '/Failed/{print $(NF-3)}' "$line"; done | awk '{a[$0]++} END{for (j in a) if (a[j] > 20) print j"="a[j]}' | sort -n -t'=' -k 2
218.92.0.224=21
85.209.0.252=21
218.92.0.145=22
218.92.0.250=22
61.177.172.128=22
85.209.0.102=22
85.209.0.101=23
85.209.0.253=23
112.85.42.200=25
218.92.0.173=25

These are the IPs brute-forcing my server, which had not changed the default port!!!
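
A stricter version of the count above, as an added example that is not part of the original post: it matches only sshd "Failed password" lines and takes the address after the last "from", so lines such as "Failed publickey", which carry extra fields after ssh2, do not shift the field that gets counted. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# count_failed_ips THRESHOLD [FILE...]   (hypothetical helper, not from the post)
# Prints "ip=count" for each source IP with more than THRESHOLD failed SSH
# password attempts, lowest count first. Reads stdin when no FILE is given.
count_failed_ips() {
    threshold=$1
    shift
    awk -v min="$threshold" '
        # Count only sshd password failures. Other "Failed ..." lines, such as
        # "Failed publickey", end differently and would break $(NF-3).
        / sshd\[[0-9]+\]: Failed password for / {
            # Take the field after the LAST "from": the username is chosen by
            # the client, so positions counted from the left are not reliable.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) if (hits[ip] > min) print ip "=" hits[ip] }
    ' "$@" | sort -t= -k2,2n -k1,1
}

# Constructed sample in /var/log/secure format (documentation address ranges).
sample_secure_log() {
    cat <<'EOF'
Oct  6 10:00:01 node1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Oct  6 10:00:03 node1 sshd[2101]: Failed password for root from 192.0.2.10 port 40023 ssh2
Oct  6 10:00:05 node1 sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40024 ssh2
Oct  6 10:01:10 node1 sshd[2110]: Failed password for invalid user test from 198.51.100.7 port 51000 ssh2
Oct  6 10:01:12 node1 sshd[2110]: Failed password for root from 198.51.100.7 port 51001 ssh2
Oct  6 10:02:00 node1 sshd[2120]: Failed publickey for mikeops from 203.0.113.5 port 50000 ssh2: RSA SHA256:CONSTRUCTED
Oct  6 10:02:05 node1 sshd[2120]: Accepted password for mikeops from 203.0.113.5 port 50001 ssh2
Oct  6 10:03:00 node1 sshd[2130]: Failed password for root from 203.0.113.9 port 60000 ssh2
EOF
}

# Threshold 1 suits the small sample; on a real host the post's threshold is 20:
#   count_failed_ips 20 /var/log/secure*
sample_secure_log | count_failed_ips 1
```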

 

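Set a 24-character random password

[[email protected]_Node-1 ~]# rootpass=$(head -c 18 /dev/urandom | base64) && echo "root:$rootpass" | chpasswd && echo "$rootpass"

The 18 bytes read from /dev/urandom encode to exactly 24 base64 characters. Do not derive the password from the current time, which anyone who can guess when it was set could reproduce.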

 

Create a normal user

[[email protected]_Node-1 ~]# useradd mikeops
[[email protected]_Node-1 ~]# passwd mikeops
Changing password for user mikeops.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected]_Node-1 ~]# cd /home/mikeops/
[[email protected]_Node-1 /home/mikeops]# pwd
/home/mikeops
[[email protected]_Node-1 /home/mikeops]#

This creates a normal user named mikeops whose home directory is /home/mikeops. By default, you can log in as this normal user.

 

Modify the default SSH port

[[email protected]_Node-1 ~]# vim /etc/ssh/sshd_config 

# default port
#Port 22
# new SSH port
Port 22876
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# disable remote root login; the default is yes
PermitRootLogin no

[[email protected]_Node-1 ~]# firewall-cmd --zone=public --add-port=22876/tcp --permanent
success
[[email protected]_Node-1 ~]# firewall-cmd --reload
success
[[email protected]_Node-1 ~]# systemctl restart sshd
[[email protected]_Node-1 ~]#

Remember!!! Before commenting out port 22, make sure that the new SSH port (22876) is up. Once the new SSH port is up, you can comment out the default port 22. Otherwise, you may end up in the awkward situation of being unable to connect to the server.

After the configuration is done and sshd has been restarted, log in to the Linux server as a normal user. If you want to switch to the root user, run the command su root and enter the root password.

You can also set up key login, an IP whitelist and a bastion host. This article will not go into those. Thank you for your support.