近期查看 /var/log/secure Log 發現大量的不明 IP 嘗試登入我的主機，產生了很多 Log，如下(每分鐘就來個6~7次，看的很煩)

[root@localhost ~]$ cat /var/log/secure
Mar 30 15:08:23 onepic sshd[8198]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:08:34 onepic sshd[8204]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:08:46 onepic sshd[8205]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:08:57 onepic sshd[8206]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:09:08 onepic sshd[8211]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:09:20 onepic sshd[8212]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:09:32 onepic sshd[8221]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:09:42 onepic sshd[8224]: refused connect from 120.48.4.5 (120.48.4.5)
Mar 30 15:09:43 onepic sshd[8225]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:09:54 onepic sshd[8226]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:10:05 onepic sshd[8238]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:10:17 onepic sshd[8239]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:10:28 onepic sshd[8250]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:10:36 onepic sshd[8251]: refused connect from 167.99.254.203 (167.99.254.203)
Mar 30 15:10:39 onepic sshd[8252]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:10:46 onepic sshd[8253]: refused connect from 209.141.43.56 (209.141.43.56)
Mar 30 15:10:51 onepic sshd[8254]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:11:02 onepic sshd[8255]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:11:13 onepic sshd[8256]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:11:24 onepic sshd[8269]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:11:35 onepic sshd[8270]: refused connect from 14.162.179.66 (14.162.179.66)
Mar 30 15:11:47 onepic sshd[8271]: refused connect from 14.162.179.66 (14.162.179.66)

過程中有使用過 fail2ban，但是在 hosts.deny 上增加了 幾千筆的資料，也有可能對方使用 偽 IP 進行 SSH 登入。

最後決定更新 SSH Port 來阻擋惡意登入用戶，也就是把 22 port 改成其它 port，因為 22 Port是大家知道的 SSH 服務端口，改了也比較不容易被攻擊。

以下是修改流程。