- /var/log/auth.log发现:
error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
ssh-keygen -A
- 记录用publiy key登陆的身份
/etc/ssh/sshd_config
, 修改日志级别: LogLevel VERBOSE
,每次登陆都会记录public key的指纹在 /var/log/auth.log
- 用以下脚本读出public_key的指纹,便于比对
(p="$(mktemp)";cat ~/.ssh/authorized_keys|while IFS="$(printf "\n")" read key; do echo $key > $p; ssh-keygen -lf $p; done; rm -f $p)
- 清除登陆记录
>/var/log/utmp && >/var/log/wtmp && >/var/log/btmp && >/var/log/auth.log && history -c && >~/.bash_history && exit
- history记录时间和人员
export HISTTIMEFORMAT="%F %T `whoami` " >> /etc/profile