服务器SSH连接问题：每次连接都需要多次尝试或需长时间等待

服务器系统：Ubuntu 22.04
相关服务： open-ssh

问题

最近服务器进行ssh连接往往需要多次尝试连接才能够成功，失败的连接报错如下：

 C:\Users\xx> ssh ab@[IP]
kex_exchange_identification: Connection closed by remote host
Connection closed by [IP] port 22

或者输入密码后需要等待很久才能重新连接

原因

• /etc/ssh/sshd_config 为ssh服务的参数，其中有一条为：

  MaxStartups  10:30:100
  

  其含义如下：
  10：未验证连接数达到10开始进行连接drop (以一定概率拒绝新的连接）
  30：基础drop概率值，线性增大
  100: 未验证连接数达到100则拒绝所有新连接

• 使用命令 systemctl status ssh 发现有大量标记为[priv]的连接,每秒有多次连接失败尝试

             ├─2109811 "sshd: unknown [priv]"
             ├─2109812 "sshd: unknown [priv]"
             ├─2109813 "sshd: unknown [net]" ""
             ├─2109814 "sshd: unknown [priv]"
             ├─2109815 "sshd: unknown [net]" ""
             ├─2109816 "sshd: unknown [net]" ""
             ├─2109817 "sshd: unknown [priv]"
             ├─2109818 "sshd: unknown [net]" ""
             ├─2109819 "sshd: unknown [priv]"
             ├─2109820 "sshd: unknown [net]" ""
             ├─2109821 "sshd: root [priv]" "" "" ""
             ├─2109822 "sshd: root [net]" "" "" "" ""
             ├─2109823 "sshd: unknown [priv]"
             ├─2109824 "sshd: unknown [net]" ""
             ├─2109827 "sshd: unknown [priv]"
             ├─2109829 "sshd: unknown [net]" ""
             ├─2109830 "sshd: unknown [priv]"
             ├─2109831 "sshd: unknown [priv]"
             ├─2109832 "sshd: unknown [net]" ""
             ├─2109833 "sshd: unknown [net]" ""
             ├─2109834 "sshd: unknown [priv]"
             ├─2109835 "sshd: unknown [net]" ""
             ├─2109837 "sshd: unknown [priv]"
             ├─2109838 "sshd: unknown [net]" ""
             ├─2109839 "sshd: unknown [priv]"
             ├─2109842 "sshd: unknown [net]" ""
             ├─2109843 "sshd: unknown [priv]"
             ├─2109844 "sshd: root [priv]" "" "" ""
1月 10 04:23:22 w4 sshd[1938612]: Connection closed by invalid user ljb 
1月 10 04:23:22 w4 sshd[1938803]: pam_unix(sshd:auth): check pass; user unknown
1月 10 04:23:22 w4 sshd[1938803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 
1月 10 04:23:22 w4 sshd[1938658]: Failed password for root from 
1月 10 04:23:22 w4 sshd[1938657]: Failed password for invalid user umscloud from
1月 10 04:23:22 w4 sshd[1938805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser04:23:22 w4 ssh
1月 10 04:23:22 w4 sshd[1938693]: Failed password for invalid user 
1月 10 04:23:22 w4 sshd[1938661]: Failed password for invalid user dzq818
1月 10 04:23:22 w4 sshd[1938807]: Invalid user d_user from

解决方案

• 令所有用户配置秘钥登录，ssh配置设置为禁止使用账户密码登录
• 使用fail2ban工具，ban掉短时间内多次登录失败的ip地址
  fail2ban详细安装教程