Remote login to the host fails. Check the system login log:
[root@master01 rpm]# tail -n20 /var/log/secure
Mar 18 14:19:20 ecs-47310119-001 unix_chkpwd[330744]: password check failed for user (root)
Mar 18 14:19:20 ecs-47310119-001 sshd[330731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.213.136.182 user=root
Mar 18 14:19:30 ecs-47310119-001 unix_chkpwd[330836]: password check failed for user (root)
Mar 18 14:19:30 ecs-47310119-001 sshd[330834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.213.136.182 user=root
Mar 18 14:19:31 ecs-47310119-001 unix_chkpwd[330837]: password check failed for user (root)
Mar 18 14:19:31 ecs-47310119-001 sshd[330743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.26.39.149 user=root
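The log shows several malicious IPs repeatedly trying to log in to the host. List the failed attempts that faillock has recorded for root: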
[root@master01 ~]# faillock --user root
root:
When Type Source Valid
2026-03-18 14:17:02 RHOST 118.213.136.182 V
2026-03-18 14:17:02 RHOST 116.26.39.149 V
2026-03-18 14:17:12 RHOST 118.213.136.182 V
Solution: reset the faillock records for root:
faillock --user root --reset
Check whether any malicious IPs are still listed:
[root@master01 ~]# faillock --user root
root:
When Type Source Valid
A situation like this means your machine is under attack. Adding an IP whitelist to the firewall is the most effective fix.