[实践OK] 设置ssh日志记录防止ssh尝试多次密码攻击@/var/log/secure ,查看linux下的用户ssh登录日志,包括用户登录时所用的主机的ip和尝试失败的次数统计,ssh问题:ssh_exchange_identification: Connection closed by remote host... OpenSSH普通用户无法登录的几种情况的解决方法
less /var/log/secure
May 28 11:05:53 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: Failed password for root from 10.73.***.251 port 24222 ssh2
May 28 11:06:28 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 28 11:06:30 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: Failed password for root from 10.73.***.251 port 24222 ssh2
May 28 11:06:31 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: Connection closed by 10.73.***.251 [preauth]
May 28 11:06:31 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.73.***.251 user=root
May 28 11:06:35 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.73.***.251 user=root
May 28 11:06:35 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 28 11:06:37 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: Failed password for root from 10.73.***.251 port 24296 ssh2
May 28 11:06:57 xxxx-web-api-upload_php_bj_yz_10_73_235_0 passwd: pam_unix(passwd:chauthtok): password changed for root
May 28 11:07:02 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 28 11:07:04 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: Failed password for root from 10.73.***.251 port 24296 ssh2
May 28 11:07:10 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: Connection closed by 10.73.***.251 [preauth]
May 28 11:07:10 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.73.***.251 user=root
树莓派的ssh日志文件是:/var/log/auth.log ,对应CentOS的/var/log/secure文件吧?
不完全正确。树莓派和CentOS都使用不同的日志文件来记录SSH登录活动。在树莓派上,SSH登录活动通常被记录在/var/log/auth.log文件中。而在CentOS上,SSH登录活动通常被记录在/var/log/secure文件中。
如何看查看系统上的日志配置文件的实际位置?
检查以下文件来了解日志配置:
/etc/rsyslog.conf
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
/etc/rsyslog.d/目录下的其他配置文件
/etc/syslog-ng/syslog-ng.conf(如果使用syslog-ng)
背景:linux ssh 无法登录 错误提示 Connection closed by foreign host,之前都好好的,现在突然就有问题了,最后查到是因为有人做机器盘点,可能对一些ip作了白名单以限定其对本机的ssh的访问。
[root@localhost htdocs]# telnet 10.70.32.58 22
Trying 10.70.32.58...
Connected to localhost (10.70.32.58).
Escape character is '^]'.
jackxiang
jkdfjdl
Connection closed by foreign host.
这个怎么办???
1.ssh -vvv打印debug调试
2.检查iptable等是否有做端口限制
3.解决办法是:打电话给机房要求强制重启,然后就莫名其妙的可以了……
ssh -vvv xiangdong@10.70.32.58 22
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.70.32.58 [10.70.32.58] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
ssh_exchange_identification: Connection closed by remote host
使用Kerberos登陆ssh的时候,出现下列问题:
ssh_exchange_identification: Connection closed by remote host
解决办法:
修改/etc/hosts.allow文件,加入 sshd:ALL,然后重启sshd服务
http://wangmukun.blog.51cto.com/651644/202747
vi /etc/hosts.allow
sshd:10.65.*.* 10.4.*.* 192.168.112.195 110.64.6.58 110.70.58.84 202.108.16.65/255.255.255.224 211.108.17.* 211.181.168.*
加上自己的IP在后面,/etc/init.d/sshd status
sshd (pid 15818 7913 7911 7696 7694) is running...
/etc/init.d/sshd restart
或: service sshd restart
摘自:http://blog.163.com/zhengjiu_520/blog/static/3559830620118294059556/
有可能是使用了,使用SSH公钥(id_dsa.pub)实现免密码登录?实践证明不是的:
http://www.ibm.com/developerworks/cn/linux/l-backup/index.html#N10058
OpenSSH普通用户无法登录的几种情况的解决方法:( #UsePAM yes 是注销了的,因为不需要PAM)
1 验证方式不支持
如客户端登录时提示如下:
[huzw@CentOS-6-37 ~]$ ssh monitor@192.168.1.5
Permission denied (publickey,keyboard-interactive).
解决方法:
设置sshd的配置文件(sshd_config)的这条配置:PasswordAuthentication yes
然后重启服务:service sshd restart
2 普通用户登录密码始终错误,sshd启动有报错
sshd启动报错:
Unsupported option GSSAPIAuthentication
Unsupported option GSSAPICleanupCredentials
解决方法:
注销sshd的配置文件(sshd_config)的如下配置:
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#UsePAM yes
然后重启服务:service sshd restart
来自:http://blog.csdn.net/huzhenwei/article/details/7486737
————————————————————————————————————————————————————
设置ssh日志记录 :
1、修改/etc/ssh/sshd_config
将SyslogFacility AUTHPRIV改为SyslogFacility local5
2 修改/etc/syslog.conf
添加如下两行:
# save sshd messages also to sshd.log
local5.* /data/log/sshd.log
3、重启sshd和syslog服务
然后你可以使用ssh来登录看看发现与sshd有关的信息都记录到了sshd.log中。不在是messages。
摘自:http://blog.chinaunix.net/uid-24500107-id-2602874.html
linux下怎么查看ssh的用户登录日志:
参考:http://www.cnblogs.com/wangkangluo1/archive/2011/09/23/2185976.html
SSH的登录次数查看:
指定尝试密码次数:
vi /etc/ssh/sshd_config
将默认的值改掉即可CentOS6 默认可以允许做3次尝试重启SSH。
MaxAuthTries 1
这里表示只允许输错一回密码.
我们要注意的是除了SSH自身的选项控制认证次数外,它还通过pam进行验证,所以如果我们设置MaxAuthTries 10,则允许输错密码的次数可能还是3,如果MaxAuthTries 2,则以MaxAuthTries为准.
如果是MaxAuthTries 2,我们输错密码的提示如下:
ssh root@192.168.27.142
root@192.168.27.142's password:
Permission denied, please try again.
root@192.168.27.142's password:
Received disconnect from 192.168.27.142: 2: Too many authentication failures for root
修改默认登录时间
当你连接到 SSH 后,默认是提供 2 分钟的时间让你输入帐户和密码来进行登录,你可以修改这个时间为 1 分钟或 30 秒。
LoginGraceTime 1m
参考:http://wowubuntu.com/ssh-security.html
http://kyle.itpub.net/post/1626/491466
suse下可以这样:less /var/log/faillog
more /var/log/secure
who /var/log/wtmp
干了些什么?
root账户下输入su - username
切换到username下输入
history
能看到这个用户历史命令,默认最近的1000条..
cat /var/log/secure 这个 日志记录 是记录了 所有 用户登陆信息
干了什么 可以看每一个用户的 history ...
tail -f /(日志文件目录) 查看日志命令
ctrl+c停止打印
ls -al 查看文件的详细信息路径等
vi /(日志文件目录) 打开日志
/搜索字符
退出:按ESC后,按“:”,输入q,敲回车
近日,各大网站密码暴露,得修改下密码:
以root身份登陆,执行:passwd修改密码。useradd 用户名,添加用户。
具体的如下:
#passwd root
输入root密码,输入两便。
#useradd 用户名
#passwd 用户名
密码,输入两便
———————————ssh_exchange_identification: Connection closed by remote host————————————
ssh问题:ssh_exchange_identification: Connection closed by remote host...
ssh/scp:ssh_exchange_identification:Connection closed by remote host的问题
使用ssh/scp时,出现下列问题:
ssh_exchange_identification: Connection closed by remote host
解决办法: www.2cto.com
修改/etc/hosts.allow文件,加入 sshd:ALL,然后重启sshd服务.
修改/etc/hosts.deny, 将 ALL: ALL 注释掉.
摘自:http://www.2cto.com/os/201210/161948.html
ssh问题:ssh_exchange_identification: Connection closed by remote host...
刚刚一个朋友告诉我SSH连接不上服务器了,重启电脑也不管用.我仔细看了一下,老报如下错误:
ssh_exchange_identification: Connection closed by remote host
the connection to the remote host was lost . this usually means that you network connection went down or that the remote host was rebooted
most network outages are short. and thus trying again may work
我在网上google了一下,得解决方案:
(1) 最简单的解决方法就是让/etc/hosts.allow 和/etc/hosts.deny里面的所有信息都不生效,全部注销掉,重启SSH服务就可以了.
但是,有时候在你修改后不久,仍然会出现/etc/hosts.deny自动修改,让你还是登录不了,此时需要检查denyhosts服务。
在redhat系列的版本中,有一个denyhosts服务,会自动覆盖/etc/hosts.deny文件,在确认要登录的机器没有问题时,可以简单做如下处理:
/etc/init.d/denyhosts stop
(2) 但是还有一种情况,就是客户端连接数过多时,也会报这个错误。缺省情况下,SSH终端连接数最大为10个。在这种情况下,需要改SSH的配置文件,
解决方案:
1) 修改/etc/ssh/sshd_config中#MaxStartups 10,将其改为MaxStartups 1000
2) 重启SSH服务,/etc/init.d/ssh restart
摘自:http://chyd96.blog.163.com/blog/static/627060762011916115414327/
————————————————————————————更多相关知识——————————————————————————
Linux踢出其他正在SSH登陆用户
1、查看系统在线用户
[root@apache ~]# w
14:15:41 up 42 days, 56 min, 2 users, load average: 0.07, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 116.204.64.165 14:15 0.00s 0.06s 0.04s w
root pts/1 116.204.64.165 14:15 2.00s 0.02s 0.02s –bash
2、查看当前自己占用终端,别把自己干掉了
[root@apache ~]# who am i
root pts/02013-01-16 14:15 (116.204.64.165)
3、用pkill 命令剔除对方
[root@apache ~]# pkill -kill -t pts/1
4、用w命令在看看干掉没。
[root@apache ~]# w
14:19:47 up 42 days, 1:00, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 116.204.64.165 14:15 0.00s 0.03s 0.00s w
后记:
如果最后查看还是没有干掉,建议加上-9 强制杀死。
[root@apache ~]# pkill -9 -t pts/1
From:http://www.myhack58.com/Article/48/66/2013/37031.htm
CentOS6下限制SSH远程终端连接数:
方案:
1)修改/etc/ssh/sshd_config中#MaxStartups 10:30:60,将其改为MaxStartups 1000
2)重启SSH服务,/etc/init.d/ssh restart
Centos系统默认连接时间120秒,如果远程终端连接数过多,则会出现超时连接,解决办法如下:
1)修改/etc/ssh/sshd_config中LoginGraceTime 120,将其改为LoginGraceTime 0,其中0表示不限制连接时间
2)重启SSH服务,/etc/init.d/ssh restart
From:http://www.21ops.com/linux/8220.html
May 28 11:05:53 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: Failed password for root from 10.73.***.251 port 24222 ssh2
May 28 11:06:28 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 28 11:06:30 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: Failed password for root from 10.73.***.251 port 24222 ssh2
May 28 11:06:31 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: Connection closed by 10.73.***.251 [preauth]
May 28 11:06:31 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[55974]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.73.***.251 user=root
May 28 11:06:35 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.73.***.251 user=root
May 28 11:06:35 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 28 11:06:37 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: Failed password for root from 10.73.***.251 port 24296 ssh2
May 28 11:06:57 xxxx-web-api-upload_php_bj_yz_10_73_235_0 passwd: pam_unix(passwd:chauthtok): password changed for root
May 28 11:07:02 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 28 11:07:04 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: Failed password for root from 10.73.***.251 port 24296 ssh2
May 28 11:07:10 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: Connection closed by 10.73.***.251 [preauth]
May 28 11:07:10 xxxx-web-api-upload_php_bj_yz_10_73_235_0 sshd[56210]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.73.***.251 user=root
树莓派的ssh日志文件是:/var/log/auth.log ,对应CentOS的/var/log/secure文件吧?
不完全正确。树莓派和CentOS都使用不同的日志文件来记录SSH登录活动。在树莓派上,SSH登录活动通常被记录在/var/log/auth.log文件中。而在CentOS上,SSH登录活动通常被记录在/var/log/secure文件中。
如何看查看系统上的日志配置文件的实际位置?
检查以下文件来了解日志配置:
/etc/rsyslog.conf
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
/etc/rsyslog.d/目录下的其他配置文件
/etc/syslog-ng/syslog-ng.conf(如果使用syslog-ng)
背景:linux ssh 无法登录 错误提示 Connection closed by foreign host,之前都好好的,现在突然就有问题了,最后查到是因为有人做机器盘点,可能对一些ip作了白名单以限定其对本机的ssh的访问。
[root@localhost htdocs]# telnet 10.70.32.58 22
Trying 10.70.32.58...
Connected to localhost (10.70.32.58).
Escape character is '^]'.
jackxiang
jkdfjdl
Connection closed by foreign host.
这个怎么办???
1.ssh -vvv打印debug调试
2.检查iptable等是否有做端口限制
3.解决办法是:打电话给机房要求强制重启,然后就莫名其妙的可以了……
ssh -vvv xiangdong@10.70.32.58 22
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.70.32.58 [10.70.32.58] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
ssh_exchange_identification: Connection closed by remote host
使用Kerberos登陆ssh的时候,出现下列问题:
ssh_exchange_identification: Connection closed by remote host
解决办法:
修改/etc/hosts.allow文件,加入 sshd:ALL,然后重启sshd服务
http://wangmukun.blog.51cto.com/651644/202747
vi /etc/hosts.allow
sshd:10.65.*.* 10.4.*.* 192.168.112.195 110.64.6.58 110.70.58.84 202.108.16.65/255.255.255.224 211.108.17.* 211.181.168.*
加上自己的IP在后面,/etc/init.d/sshd status
sshd (pid 15818 7913 7911 7696 7694) is running...
/etc/init.d/sshd restart
或: service sshd restart
摘自:http://blog.163.com/zhengjiu_520/blog/static/3559830620118294059556/
有可能是使用了,使用SSH公钥(id_dsa.pub)实现免密码登录?实践证明不是的:
http://www.ibm.com/developerworks/cn/linux/l-backup/index.html#N10058
OpenSSH普通用户无法登录的几种情况的解决方法:( #UsePAM yes 是注销了的,因为不需要PAM)
1 验证方式不支持
如客户端登录时提示如下:
[huzw@CentOS-6-37 ~]$ ssh monitor@192.168.1.5
Permission denied (publickey,keyboard-interactive).
解决方法:
设置sshd的配置文件(sshd_config)的这条配置:PasswordAuthentication yes
然后重启服务:service sshd restart
2 普通用户登录密码始终错误,sshd启动有报错
sshd启动报错:
Unsupported option GSSAPIAuthentication
Unsupported option GSSAPICleanupCredentials
解决方法:
注销sshd的配置文件(sshd_config)的如下配置:
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#UsePAM yes
然后重启服务:service sshd restart
来自:http://blog.csdn.net/huzhenwei/article/details/7486737
————————————————————————————————————————————————————
设置ssh日志记录 :
1、修改/etc/ssh/sshd_config
将SyslogFacility AUTHPRIV改为SyslogFacility local5
2 修改/etc/syslog.conf
添加如下两行:
# save sshd messages also to sshd.log
local5.* /data/log/sshd.log
3、重启sshd和syslog服务
然后你可以使用ssh来登录看看发现与sshd有关的信息都记录到了sshd.log中。不在是messages。
摘自:http://blog.chinaunix.net/uid-24500107-id-2602874.html
linux下怎么查看ssh的用户登录日志:
参考:http://www.cnblogs.com/wangkangluo1/archive/2011/09/23/2185976.html
SSH的登录次数查看:
指定尝试密码次数:
vi /etc/ssh/sshd_config
将默认的值改掉即可CentOS6 默认可以允许做3次尝试重启SSH。
MaxAuthTries 1
这里表示只允许输错一回密码.
我们要注意的是除了SSH自身的选项控制认证次数外,它还通过pam进行验证,所以如果我们设置MaxAuthTries 10,则允许输错密码的次数可能还是3,如果MaxAuthTries 2,则以MaxAuthTries为准.
如果是MaxAuthTries 2,我们输错密码的提示如下:
ssh root@192.168.27.142
root@192.168.27.142's password:
Permission denied, please try again.
root@192.168.27.142's password:
Received disconnect from 192.168.27.142: 2: Too many authentication failures for root
修改默认登录时间
当你连接到 SSH 后,默认是提供 2 分钟的时间让你输入帐户和密码来进行登录,你可以修改这个时间为 1 分钟或 30 秒。
LoginGraceTime 1m
参考:http://wowubuntu.com/ssh-security.html
http://kyle.itpub.net/post/1626/491466
suse下可以这样:less /var/log/faillog
more /var/log/secure
who /var/log/wtmp
干了些什么?
root账户下输入su - username
切换到username下输入
history
能看到这个用户历史命令,默认最近的1000条..
cat /var/log/secure 这个 日志记录 是记录了 所有 用户登陆信息
干了什么 可以看每一个用户的 history ...
tail -f /(日志文件目录) 查看日志命令
ctrl+c停止打印
ls -al 查看文件的详细信息路径等
vi /(日志文件目录) 打开日志
/搜索字符
退出:按ESC后,按“:”,输入q,敲回车
近日,各大网站密码暴露,得修改下密码:
以root身份登陆,执行:passwd修改密码。useradd 用户名,添加用户。
具体的如下:
#passwd root
输入root密码,输入两便。
#useradd 用户名
#passwd 用户名
密码,输入两便
———————————ssh_exchange_identification: Connection closed by remote host————————————
ssh问题:ssh_exchange_identification: Connection closed by remote host...
ssh/scp:ssh_exchange_identification:Connection closed by remote host的问题
使用ssh/scp时,出现下列问题:
ssh_exchange_identification: Connection closed by remote host
解决办法: www.2cto.com
修改/etc/hosts.allow文件,加入 sshd:ALL,然后重启sshd服务.
修改/etc/hosts.deny, 将 ALL: ALL 注释掉.
摘自:http://www.2cto.com/os/201210/161948.html
ssh问题:ssh_exchange_identification: Connection closed by remote host...
刚刚一个朋友告诉我SSH连接不上服务器了,重启电脑也不管用.我仔细看了一下,老报如下错误:
ssh_exchange_identification: Connection closed by remote host
the connection to the remote host was lost . this usually means that you network connection went down or that the remote host was rebooted
most network outages are short. and thus trying again may work
我在网上google了一下,得解决方案:
(1) 最简单的解决方法就是让/etc/hosts.allow 和/etc/hosts.deny里面的所有信息都不生效,全部注销掉,重启SSH服务就可以了.
但是,有时候在你修改后不久,仍然会出现/etc/hosts.deny自动修改,让你还是登录不了,此时需要检查denyhosts服务。
在redhat系列的版本中,有一个denyhosts服务,会自动覆盖/etc/hosts.deny文件,在确认要登录的机器没有问题时,可以简单做如下处理:
/etc/init.d/denyhosts stop
(2) 但是还有一种情况,就是客户端连接数过多时,也会报这个错误。缺省情况下,SSH终端连接数最大为10个。在这种情况下,需要改SSH的配置文件,
解决方案:
1) 修改/etc/ssh/sshd_config中#MaxStartups 10,将其改为MaxStartups 1000
2) 重启SSH服务,/etc/init.d/ssh restart
摘自:http://chyd96.blog.163.com/blog/static/627060762011916115414327/
————————————————————————————更多相关知识——————————————————————————
Linux踢出其他正在SSH登陆用户
1、查看系统在线用户
[root@apache ~]# w
14:15:41 up 42 days, 56 min, 2 users, load average: 0.07, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 116.204.64.165 14:15 0.00s 0.06s 0.04s w
root pts/1 116.204.64.165 14:15 2.00s 0.02s 0.02s –bash
2、查看当前自己占用终端,别把自己干掉了
[root@apache ~]# who am i
root pts/02013-01-16 14:15 (116.204.64.165)
3、用pkill 命令剔除对方
[root@apache ~]# pkill -kill -t pts/1
4、用w命令在看看干掉没。
[root@apache ~]# w
14:19:47 up 42 days, 1:00, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 116.204.64.165 14:15 0.00s 0.03s 0.00s w
后记:
如果最后查看还是没有干掉,建议加上-9 强制杀死。
[root@apache ~]# pkill -9 -t pts/1
From:http://www.myhack58.com/Article/48/66/2013/37031.htm
CentOS6下限制SSH远程终端连接数:
方案:
1)修改/etc/ssh/sshd_config中#MaxStartups 10:30:60,将其改为MaxStartups 1000
2)重启SSH服务,/etc/init.d/ssh restart
Centos系统默认连接时间120秒,如果远程终端连接数过多,则会出现超时连接,解决办法如下:
1)修改/etc/ssh/sshd_config中LoginGraceTime 120,将其改为LoginGraceTime 0,其中0表示不限制连接时间
2)重启SSH服务,/etc/init.d/ssh restart
From:http://www.21ops.com/linux/8220.html
作者:jackxiang@向东博客 专注WEB应用 构架之美 --- 构架之美,在于尽态极妍 | 应用之美,在于药到病除
地址:http://jackxiang.com/post/4726/
版权所有。转载时必须以链接形式注明作者和原始出处及本声明!
最后编辑: jackxiang 编辑于2023-9-2 02:35
评论列表