文章目录
1、背景2、分析 & 解决2.1 服务器环境2.2 现象3、总结1、背景
本次案例是出现在公司的预发布环境发版中。java编译打包->docker镜像构建->镜像推送harbor->业务机器拉取镜像,这几个步骤已经完成了,执行到最后一步(ssh连接业务机器采用docker-compose起容器)的时候报错如下:
ssh_exchange_identification: Connection closed by remote host
2、分析 & 解决
2.1 服务器环境
Centos 7.6
2.2 现象
通过以上异常提示可以看出是jenkins shell中连接远程机器的时候,被ssh的服务端给终端连接了。要么ssh挂了,要么连接数过多。于是采用第一方案systemctl restart sshd.service重启ssh未果。那么只能考虑从日志寻找蛛丝马迹了。
补充知识(主机防护的常用目录和文件):
ssh日志文件:/var/log/securessh配置文件:/etc/ssh/sshd_configLinux白名单:/etc/hosts.allowLinux黑名单:/etc/hosts.deny华为云主机防护(专有的使用方便):/etc/sshd.deny.hostguard
ssh的日志:
Jan 26 14:58:04 ecs-cicd sshd[2692]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:04 ecs-cicd sshd[2693]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:04 ecs-cicd sshd[2694]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:04 ecs-cicd sshd[2695]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:04 ecs-cicd sshd[2696]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:05 ecs-cicd sshd[2697]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:05 ecs-cicd sshd[2698]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:05 ecs-cicd sshd[2699]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:05 ecs-cicd sshd[2700]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:05 ecs-cicd sshd[2701]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:05 ecs-cicd sshd[2702]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:05 ecs-cicd sshd[2703]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:06 ecs-cicd sshd[2704]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:06 ecs-cicd sshd[2705]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:06 ecs-cicd sshd[2706]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:07 ecs-cicd sshd[2707]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:07 ecs-cicd sshd[2711]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:07 ecs-cicd sshd[2712]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:07 ecs-cicd sshd[2713]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:08 ecs-cicd sshd[2714]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:08 ecs-cicd sshd[2718]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:09 ecs-cicd sshd[2719]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:09 ecs-cicd sshd[2720]: refused connect from 159.223.106.203 (159.223.106.203)Jan 26 14:58:09 ecs-cicd sshd[2721]: refused connect from 159.223.106.203 (159.223.106.203)
ip地址归属:
IP 地址: 159.223.106.203IP Long: 2682219211归属地(纯真数据):美国归属地(ipip):美国 美国 -归属地(IP2REGION):美国 德克萨斯
可见有大量的来自漂亮国的恶意攻击,果断将其加入ip黑名单:
/etc/hosts.deny文件追加一行sshd:159.223.106.203
3、总结
互联网的世界,每天都会有来自各地的黑客对服务器暴力破解,那么我们可以做些什么加强安全呢?
更改ssh服务端口并且使用高强度密码。通过shell或者python自动化识别恶意连接ssh的ip,并进行封禁。使用共有云上的服务器自带的主机防护服务。关注最新的框架代码漏洞,并及时修复处理。(比如最近轰动码农界的Apache Log4j2 远程代码执行漏洞)
如果觉得《运维-jenkins发版执行远程脚本连不上ssh》对你有帮助,请点赞、收藏,并留下你的观点哦!
