Hey experts, my server has lots of failed login records. What's going on here?

(base) ➜  ~ lastb
stone    ssh:notty    87.120.114.109   Mon Oct 28 17:45 - 17:45  (00:00)
stone    ssh:notty    87.120.114.109   Mon Oct 28 17:45 - 17:45  (00:00)
silence  ssh:notty    80.94.92.50      Mon Oct 28 17:45 - 17:45  (00:00)
silence  ssh:notty    80.94.92.50      Mon Oct 28 17:45 - 17:45  (00:00)
qiusb    ssh:notty    85.31.47.177     Mon Oct 28 17:45 - 17:45  (00:00)
qiusb    ssh:notty    85.31.47.177     Mon Oct 28 17:45 - 17:45  (00:00)
root     ssh:notty    94.156.167.132   Mon Oct 28 17:43 - 17:43  (00:00)
zhicong  ssh:notty    85.31.47.177     Mon Oct 28 17:42 - 17:42  (00:00)
zhicong  ssh:notty    85.31.47.177     Mon Oct 28 17:42 - 17:42  (00:00)
root     ssh:notty    81.161.238.170   Mon Oct 28 17:41 - 17:41  (00:00)
huixin   ssh:notty    118.220.172.125  Mon Oct 28 17:40 - 17:40  (00:00)
huixin   ssh:notty    118.220.172.125  Mon Oct 28 17:40 - 17:40  (00:00)
root     ssh:notty    92.118.39.14     Mon Oct 28 17:34 - 17:34  (00:00)
wangling ssh:notty    81.161.238.170   Mon Oct 28 17:34 - 17:34  (00:00)
wangling ssh:notty    81.161.238.170   Mon Oct 28 17:34 - 17:34  (00:00)
skw      ssh:notty    85.31.47.177     Mon Oct 28 17:31 - 17:31  (00:00)
skw      ssh:notty    85.31.47.177     Mon Oct 28 17:31 - 17:31  (00:00)
jihye    ssh:notty    81.161.238.170   Mon Oct 28 17:31 - 17:31  (00:00)
jihye    ssh:notty    81.161.238.170   Mon Oct 28 17:31 - 17:31  (00:00)
chengxu  ssh:notty    94.156.167.133   Mon Oct 28 17:31 - 17:31  (00:00)
chengxu  ssh:notty    94.156.167.133   Mon Oct 28 17:31 - 17:31  (00:00)
mycat    ssh:notty    80.94.92.62      Mon Oct 28 17:31 - 17:31  (00:00)
mycat    ssh:notty    80.94.92.62      Mon Oct 28 17:31 - 17:31  (00:00)
csgoserv ssh:notty    81.161.238.170   Mon Oct 28 17:30 - 17:30  (00:00)
csgoserv ssh:notty    81.161.238.170   Mon Oct 28 17:30 - 17:30  (00:00)
xby      ssh:notty    80.94.92.50      Mon Oct 28 17:27 - 17:27  (00:00)
xby      ssh:notty    80.94.92.50      Mon Oct 28 17:27 - 17:27  (00:00)
yanj     ssh:notty    94.156.167.133   Mon Oct 28 17:26 - 17:26  (00:00)
yanj     ssh:notty    94.156.167.133   Mon Oct 28 17:26 - 17:26  (00:00)
xjb      ssh:notty    85.31.47.177     Mon Oct 28 17:24 - 17:24  (00:00)
xjb      ssh:notty    85.31.47.177     Mon Oct 28 17:24 - 17:24  (00:00)
xuhx     ssh:notty    81.161.238.170   Mon Oct 28 17:22 - 17:22  (00:00)
xuhx     ssh:notty    81.161.238.170   Mon Oct 28 17:22 - 17:22  (00:00)
dsz      ssh:notty    118.220.172.125  Mon Oct 28 17:21 - 17:21  (00:00)
dsz      ssh:notty    118.220.172.125  Mon Oct 28 17:21 - 17:21  (00:00)
wangyq11 ssh:notty    85.31.47.177     Mon Oct 28 17:20 - 17:20  (00:00)
wangyq11 ssh:notty    85.31.47.177     Mon Oct 28 17:20 - 17:20  (00:00)
s2       ssh:notty    94.156.167.133   Mon Oct 28 17:19 - 17:19  (00:00)
s2       ssh:notty    94.156.167.133   Mon Oct 28 17:19 - 17:19  (00:00)
yuting   ssh:notty    87.120.114.109   Mon Oct 28 17:18 - 17:18  (00:00)
yuting   ssh:notty    87.120.114.109   Mon Oct 28 17:18 - 17:18  (00:00)
zhourui  ssh:notty    178.215.224.101  Mon Oct 28 17:16 - 17:16  (00:00)
zhourui  ssh:notty    178.215.224.101  Mon Oct 28 17:16 - 17:16  (00:00)
mingrui  ssh:notty    81.161.238.170   Mon Oct 28 17:15 - 17:15  (00:00)
dev      ssh:notty    80.76.49.224     Mon Oct 28 17:15 - 17:15  (00:00)
mingrui  ssh:notty    81.161.238.170   Mon Oct 28 17:15 - 17:15  (00:00)
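4 likes

Someone is brute-forcing you.

Set up fail2ban.

You're under a brute-force attack.

You can take a look at this expert's fail2ban

2 likes

Set up a honeypot :tieba_003: :tieba_003: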

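As long as your key isn't a weak password you'll be fine. My rn machine is being brute-forced every moment of the day, and I've never bothered with it.

1 like

Script kiddies :bili_038:

I had fail2ban installed, just went to check, and damn, fail2ban wasn't running...

1 like

Seeing this many records makes me really nervous.

What's a honeypot? Is there a tutorial?

If it's not a weak password, you can get by as is. If you're really worried, use key-based login.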

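Two steps: first, change the default port 22; second, enable key-based login, and once you've logged in successfully, disable password login. With these two steps you're 99% secure; what remains is private key leakage and SSH vulnerabilities.

Ever since I changed port 22, it feels like my defense went up by 99.99999999999%

Write a script: three failed logins and the IP gets banned.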
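
One way to do the "three failures, then ban" check suggested above, as an added example that is not part of the original thread: it parses `lastb`-style records and lists the source IPs at or over a threshold. The sample lines are constructed (documentation-range IPs), and `failures_by_ip`, `ban_candidates` and the `allowlist` parameter are names chosen for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in lastb's column layout (documentation-range IPs, not real data).
SAMPLE = """\
alice    ssh:notty    203.0.113.7      Mon Oct 28 17:45 - 17:45  (00:00)
alice    ssh:notty    203.0.113.7      Mon Oct 28 17:45 - 17:45  (00:00)
root     ssh:notty    203.0.113.7      Mon Oct 28 17:43 - 17:43  (00:00)
bob      ssh:notty    198.51.100.20    Mon Oct 28 17:42 - 17:42  (00:00)
bob      ssh:notty    198.51.100.20    Mon Oct 28 17:42 - 17:42  (00:00)
root     ssh:notty    192.0.2.15       Mon Oct 28 17:41 - 17:41  (00:00)

btmp begins Mon Oct 28 09:00:01 2024
"""

# user, "ssh:notty", IPv4 source. Blank lines and the "btmp begins" footer
# do not match and are skipped. IPv6 and hostnames are not handled here.
RECORD = re.compile(r"^(?P<user>\S+)\s+ssh:notty\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s")


def failures_by_ip(text):
    """Return (record count per IP, set of usernames tried per IP)."""
    counts = Counter()
    users = defaultdict(set)
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            counts[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    return counts, users


def ban_candidates(text, threshold=3, allowlist=()):
    """IPs with at least `threshold` failed-login records, busiest first.

    The threshold counts btmp records, not distinct attempts; allowlisted
    addresses (for example your own admin IP) are never returned.
    """
    counts, _ = failures_by_ip(text)
    hits = [ip for ip, n in counts.items() if n >= threshold and ip not in allowlist]
    return sorted(hits, key=lambda ip: -counts[ip])


if __name__ == "__main__":
    counts, users = failures_by_ip(SAMPLE)
    for ip in ban_candidates(SAMPLE):
        print(ip, counts[ip], sorted(users[ip]))
```

Feed it `lastb -i` output so the source column is always a numeric address; the block itself (a firewall rule or fail2ban) is left to whatever you already run.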

Just disable password login outright :ghost:

Go with fail2ban, it's simple.

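You've got it easy.
This is my volume for one day: attacks: 977
reports: 720
Automated banning plus reporting (people brute-force even non-standard ports). Before that, my Synology at home was brute-forced 2000 times a day and the logs exploded.

They're all servers, all with port 80 open and no protection :blush:

I changed port 22 and it was quiet for a long time, then the brute-forcing started on National Day (October 1).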