Nov 26 07:26:50 localhost sshd[7692]: User root from 219.243.208.158 not allowed because not listed in AllowUsers
Nov 26 07:26:50 localhost sshd[7693]: input_userauth_request: invalid user root
Nov 26 07:26:51 localhost sshd[7693]: Received disconnect from 219.243.208.158: 11: Bye Bye
Nov 26 07:26:52 localhost sshd[7694]: User root from 219.243.208.158 not allowed because not listed in AllowUsers
Nov 26 07:26:52 localhost sshd[7695]: input_userauth_reque大带宽服务器st: invalid user root
Nov 26 07:26:52 localhost sshd[7695]: Received disconnect from 219.243.208.158: 11: Bye Bye
Nov 26 07:26:52 localhost sshd[7696]: User root from 219.243.208.158 not allowed because not listed in AllowUsers
Nov 26 07:26:52 localhost sshd[7697]: input_userauth_request: invalid user root
Nov 26 07:26:52 localhost sshd[7697]: Received disconnect from 219.243.208.158: 11: Bye Bye
Nov 26 07:26:53 localhost sshd[7698]: User root from 219.243.208.158 not allowed because not listed in AllowUsers

这些人是闲着蛋疼吗？ 我的2台服务器都会这样。
对，蛋疼

正常，脚本小子多的是

这个是怎么回事啊。 写个脚本在广域网扫端口，然后暴力破解？

把root的远程登陆关了啊 ssh端口改了啊

ssh关root－ －

脚本泛滥的后果啊

vps商的ip段基本上算是公开的吧，直接弱密码扫ip段就行了，我小时候就干过这样的事情- -一个软件，一天能扫出一堆，不过不明觉厉，不知道用来干嘛。
现在想想，啧。

Fail2ban is your friend.

denyhost也不错啊，简单方便
其实直接禁止密码登陆更彻底

我把ssh的端口改成443了，然后禁止密码登录



我知道啊，早就禁止root用户和密码登录了， 现在都是用密钥对登录的。 只是好奇他们的目的，难道真的是扫来做肉鸡吗

他们有机器自动扫ip，成本非常低，几万台能搞到一台就赚了啊