- /var/log/auth.log發現:
error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
ssh-keygen -A
- 記錄用publiy key登陸的身份
/etc/ssh/sshd_config, 修改日誌級別: LogLevel VERBOSE,每次登陸都會記錄public key的指紋在 /var/log/auth.log- 用以下腳本讀出public_key的指紋,便於比對
(p="$(mktemp)";cat ~/.ssh/authorized_keys|while IFS="$(printf "\n")" read key; do echo $key > $p; ssh-keygen -lf $p; done; rm -f $p)
- 清除登陸記錄
>/var/log/utmp && >/var/log/wtmp && >/var/log/btmp && >/var/log/auth.log && history -c && >~/.bash_history && exit
- history記錄時間和人員
export HISTTIMEFORMAT="%F %T `whoami` " >> /etc/profile
