
Are invalid/unknown user login attempts over SSH logged?

Applies to

  • ONTAP 9
  • SSH
  • Event Management System (EMS)

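Answer

  • Invalid/unknown user attempts are logged in EMS:
Message Name: sshd.auth.loginDenied
Severity: NOTICE
Description: This event is issued when sshd denies a login attempt because authentication failed.
Corrective Action: Log in with a valid username/password combination.

Example: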
Thu Aug 4 18:05:09 +0300 [cluster1-01: sshd: sshd.auth.loginDenied:notice]: params: {'message': 'Failed keyboard-interactive / pam for invalid user user123 from 10.x.y.4 port 61582 ssh2 '}
 
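Message Name: sshd.loginGraceTime.expired
Severity: ERROR
Description: This message occurs when a user attempts to establish a Secure Shell (SSH) connection to the storage system but does not provide a password within the allotted timeout period. Many such connection attempts can prevent other users from logging in to the storage system, resulting in a denial-of-service (DoS) attack.
Corrective Action: If the remote host repeatedly retries the SSH connection, use the "Firewall policy" command to add the remote host's IP address to the deny list and block that remote host.

Example: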
09/23/2020 11:41:51 cluster1-01 ERROR sshd.loginGraceTime.expired: Timeout before password authentication for remote host 10.x.y.7
 
  • In addition, "illegal user" authentication failure information can also be found in the messages log:
    • Fri Oct 16 08:18:35 2020 cluster1-01 [auth_sshd:error:45682] error: PAM: authentication error for illegal user test from 10.2.3.4
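
The three log formats shown above can be parsed together to find source addresses that fail repeatedly. The following is an added example, not NetApp code: the sample lines are constructed (documentation addresses), and the function names and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the three formats shown above (addresses are made up).
SAMPLE = """\
Thu Aug 4 18:05:09 +0300 [cluster1-01: sshd: sshd.auth.loginDenied:notice]: params: {'message': 'Failed keyboard-interactive / pam for invalid user user123 from 192.0.2.4 port 61582 ssh2 '}
Thu Aug 4 18:05:14 +0300 [cluster1-01: sshd: sshd.auth.loginDenied:notice]: params: {'message': 'Failed keyboard-interactive / pam for invalid user oracle from 192.0.2.4 port 61590 ssh2 '}
09/23/2020 11:41:51 cluster1-01 ERROR sshd.loginGraceTime.expired: Timeout before password authentication for remote host 192.0.2.7
Fri Oct 16 08:18:35 2020 cluster1-01 [auth_sshd:error:45682] error: PAM: authentication error for illegal user test from 192.0.2.4
Fri Oct 16 08:19:02 2020 cluster1-01 [kernel:info:1234] unrelated line
"""

# (event label, pattern) pairs; the grace-time event carries no user name.
PATTERNS = [
    ("sshd.auth.loginDenied",
     re.compile(r"sshd\.auth\.loginDenied.*for invalid user (?P<user>\S+) from (?P<src>\S+) port \d+")),
    ("sshd.loginGraceTime.expired",
     re.compile(r"sshd\.loginGraceTime\.expired: .*for remote host (?P<src>\S+)")),
    ("messages:illegal-user",
     re.compile(r"\[auth_sshd:error:\d+\].*for illegal user (?P<user>\S+) from (?P<src>\S+)")),
]

def parse_line(line):
    """Return {'event', 'user', 'src'} for a matching line, else None."""
    for event, pat in PATTERNS:
        m = pat.search(line)
        if m:
            return {"event": event, "user": m.groupdict().get("user"), "src": m.group("src")}
    return None

def repeat_sources(text, threshold=3):
    """Map each source with >= threshold matching events to its count.

    threshold=3 is an assumed value for this example, not a NetApp recommendation.
    """
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            hits[rec["src"]] += 1
    return {src: n for src, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_line(line))
    print(repeat_sources(SAMPLE))
```

Sources returned by `repeat_sources` are the candidates for the deny-list action described under sshd.loginGraceTime.expired.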

 
