
Where is the sshd log file, and how do I interpret the log messages?

Security user
Asked on 2017-02-25 02:56:30
Answers 1, Views 1.4K, Followers 0, Votes 0

I brought up the log after logging in to my VPS.

journalctl _COMM=sshd -f  

Feb 16 06:34:40 localhost sshd[324]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 38876
Feb 16 06:34:40 localhost sshd[325]: Did not receive identification string from 23.252.100.22
Feb 16 07:34:40 localhost sshd[326]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 40602
Feb 16 07:34:40 localhost sshd[327]: Did not receive identification string from 23.252.100.22
Feb 16 08:34:40 localhost sshd[328]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 38298
Feb 16 08:34:40 localhost sshd[329]: Did not receive identification string from 23.252.100.22
Feb 16 09:34:41 localhost sshd[348]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 42132
Feb 16 09:34:41 localhost sshd[349]: Did not receive identification string from 23.252.100.22
Feb 16 10:34:39 localhost sshd[350]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 60988
Feb 16 10:34:39 localhost sshd[351]: Did not receive identification string from 23.252.100.22
Feb 16 11:34:40 localhost sshd[352]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 33850
Feb 16 11:34:40 localhost sshd[353]: Did not receive identification string from 23.252.100.22
Feb 16 12:34:39 localhost sshd[354]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 44998
Feb 16 12:34:39 localhost sshd[355]: Did not receive identification string from 23.252.100.22
Feb 16 13:34:38 localhost sshd[356]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 52632
Feb 16 13:34:38 localhost sshd[357]: Did not receive identification string from 23.252.100.22
Feb 16 14:34:41 localhost sshd[358]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 43864
Feb 16 14:34:41 localhost sshd[359]: Did not receive identification string from 23.252.100.22
Feb 16 15:34:40 localhost sshd[360]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 53402
Feb 16 15:34:40 localhost sshd[361]: Did not receive identification string from 23.252.100.22

Does the log mean that 23.252.100.22 (not my IP, and not my VPS) is trying to crack my VPS key?

Where is the file that contains log messages like these?


1 Answer

Security user

Posted on 2017-02-25 03:09:01

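Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 38876

Sounds like a bot sending malformed information to sshd. Not only is that not a version string, it is a line of an HTTP request, which makes no sense in an SSH context.

It may be trying to trigger some vulnerability I'm not aware of, but I think it's probably just badly programmed.

Either way, the answer is the same: do the standard sshd hardening. Disable passwords, disable root login, install and configure fail2ban.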

Votes 2
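
A small classifier for the message types in the question, added here as an example (not code from the original post or from OpenSSH): it separates connections that failed at the SSH version exchange from ones that got as far as password authentication. The `Failed password` sample line, the category names and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: four lines copied from the question's journal output,
# plus one invented auth-stage line (203.0.113.7 is a documentation address).
SAMPLE = """\
Feb 16 06:34:40 localhost sshd[324]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 38876
Feb 16 06:34:40 localhost sshd[325]: Did not receive identification string from 23.252.100.22
Feb 16 07:34:40 localhost sshd[326]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 40602
Feb 16 07:34:40 localhost sshd[327]: Did not receive identification string from 23.252.100.22
Feb 16 07:40:02 localhost sshd[330]: Failed password for root from 203.0.113.7 port 51122 ssh2
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<msg>.*)$")
RULES = [  # (category, pattern); first match wins
    ("bad-banner", re.compile(r"Bad protocol version identification '(?P<banner>.*)' from (?P<ip>\S+)")),
    ("no-banner", re.compile(r"Did not receive identification string from (?P<ip>\S+)")),
    ("auth-failure", re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+)")),
]
HTTP_REQUEST = re.compile(r"^[A-Z]+ \S+ HTTP/\d")

def classify(line):
    """Return (ip, category) for one sshd journal line, or None if unrecognised."""
    m = LINE.match(line)
    if not m:
        return None
    for category, pattern in RULES:
        hit = pattern.search(m["msg"])
        if hit:
            if category == "bad-banner" and HTTP_REQUEST.match(hit["banner"]):
                category = "http-probe"  # an HTTP client talking to the SSH port
            return hit["ip"], category
    return None

def summarize(text):
    """Count event categories per source IP."""
    per_ip = defaultdict(Counter)
    for line in text.splitlines():
        result = classify(line)
        if result:
            per_ip[result[0]][result[1]] += 1
    return per_ip

def reached_auth(per_ip, ip):
    """True only if the IP got past the version exchange and tried a password."""
    return per_ip[ip]["auth-failure"] > 0

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for ip in list(summary):
        print(ip, dict(summary[ip]), "auth attempted:", reached_auth(summary, ip))
```

On a live host the same functions can be fed the text output of the `journalctl _COMM=sshd` command from the question instead of `SAMPLE`.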
Original page content provided by Security. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://security.stackexchange.com/questions/152319
