vi /etc/ssh/sshd_config
# 禁止 Root 账号登录
PermitRootLogin no
# 版本
Protocol 2
systemctl restart sshd
vi /etc/pam.d/sshd
# 在 auth 部分添加一行
# even_deny_root 表示同样限制 root 账号# file 用于指定统计次数用的文件,默认是 /var/log/tallylog
auth required pam_tally2.so even_deny_root deny=5 unlock_time=300 file=/var/log/tallylog
# 如果不生效,则在 account 部分再添加一行account required pam_tally2.so
vi /etc/profile.d/auto-logout.sh
# 添加一行
readonly TMOUT=300
参考:
https://man7.org/linux/man-pages/man8/pam_tally2.8.html
https://mp.weixin.qq.com/s/IR96o6bgNH0Yzd88AwdLUQ
https://www.tecmint.com/use-pam_tally2-to-lock-and-unlock-ssh-failed-login-attempts/
