PortSentry是入侵檢測工具中配置最簡單、效果最直接的工具之一

 

https://sourceforge.net/projects/sentrytools/

[root@localhost ~]# tar -xzvf portsentry-1.2.tar.gz
[root@localhost ~]# cd portsentry_beta/
[root@localhost portsentry_beta]# ls
CHANGES     portsentry.c         portsentry_io.c     README.COMPAT
CREDITS     portsentry.conf      portsentry_io.h     README.install
ignore.csh  portsentry_config.h  portsentry_tcpip.h  README.methods
LICENSE     portsentry.h         portsentry_util.c   README.stealth
Makefile    portsentry.ignore    portsentry_util.h
[root@localhost portsentry_beta]# make
Usage: make <systype>
<systype> is one of: linux, debian-linux, bsd, solaris, hpux, hpux-gcc,
freebsd, osx, openbsd, netbsd, bsdi, aix, osf, irix, generic

This code requires snprintf()/vsnprintf() system calls
to work. If you run a modern OS it should work on
your system with 'make generic'. If you get it to
work on an unlisted OS please write us with the
changes.

Install: make install

NOTE: This will install the package in this
      directory: /usr/local/psionic

Edit the makefile if you wish to change these paths.
Any existing files will be overwritten.
[root@localhost portsentry_beta]# make install
Creating psionic directory /usr/local/psionic
Setting directory permissions
Creating portsentry directory /usr/local/psionic/portsentry
Setting directory permissions
chmod 700 /usr/local/psionic/portsentry
Copying files
cp ./portsentry.conf /usr/local/psionic/portsentry
cp ./portsentry.ignore /usr/local/psionic/portsentry
cp ./portsentry /usr/local/psionic/portsentry
cp: cannot stat `./portsentry': No such file or directory
make: *** [install] Error 1

[root@localhost portsentry_beta]# make linux
SYSTYPE=linux 
Making 
cc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
        ./portsentry_io.c ./portsentry_util.c 
./portsentry.c: In function ‘PortSentryModeTCP’:
./portsentry.c:1187: warning: pointer targets in passing argument 3 of ‘accept’ differ in signedness
/usr/include/sys/socket.h:214: note: expected ‘socklen_t * __restrict__’ but argument is of type ‘int *’
./portsentry.c: In function ‘PortSentryModeUDP’:
./portsentry.c:1384: warning: pointer targets in passing argument 6 of ‘recvfrom’ differ in signedness
/usr/include/sys/socket.h:166: note: expected ‘socklen_t * __restrict__’ but argument is of type ‘int *’
./portsentry.c:1584:11: warning: missing terminating " character
./portsentry.c: In function ‘Usage’:
./portsentry.c:1584: error: missing terminating " character
./portsentry.c:1585: error: ‘sourceforget’ undeclared (first use in this function)
./portsentry.c:1585: error: (Each undeclared identifier is reported only once
./portsentry.c:1585: error: for each function it appears in.)
./portsentry.c:1585: error: expected ‘)’ before ‘dot’
./portsentry.c:1585: error: stray ‘\’ in program
./portsentry.c:1585:24: warning: missing terminating " character
./portsentry.c:1585: error: missing terminating " character
./portsentry.c:1595: error: expected ‘;’ before ‘}’ token
./portsentry_io.c: In function ‘ConfigTokenRetrieve’:
./portsentry_io.c:321: warning: cast from pointer to integer of different size
./portsentry_io.c:324: warning: cast from pointer to integer of different size
./portsentry_io.c: In function ‘IsBlocked’:
./portsentry_io.c:670: warning: cast from pointer to integer of different size
./portsentry_io.c: In function ‘SubstString’:
./portsentry_io.c:727: warning: cast from pointer to integer of different size
make: *** [linux] Error 1

解決方法　把portsentry.c中代「將帶有Copyright 1997-2003字樣的那行調整爲一行便可」：

調整後以下：

[root@localhost portsentry_beta]# make linux
SYSTYPE=linux 
Making 
cc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
        ./portsentry_io.c ./portsentry_util.c 
./portsentry.c: In function ‘PortSentryModeTCP’:
./portsentry.c:1187: warning: pointer targets in passing argument 3 of ‘accept’ differ in signedness
/usr/include/sys/socket.h:214: note: expected ‘socklen_t * __restrict__’ but argument is of type ‘int *’
./portsentry.c: In function ‘PortSentryModeUDP’:
./portsentry.c:1384: warning: pointer targets in passing argument 6 of ‘recvfrom’ differ in signedness
/usr/include/sys/socket.h:166: note: expected ‘socklen_t * __restrict__’ but argument is of type ‘int *’
./portsentry_io.c: In function ‘ConfigTokenRetrieve’:
./portsentry_io.c:321: warning: cast from pointer to integer of different size
./portsentry_io.c:324: warning: cast from pointer to integer of different size
./portsentry_io.c: In function ‘IsBlocked’:
./portsentry_io.c:670: warning: cast from pointer to integer of different size
./portsentry_io.c: In function ‘SubstString’:
./portsentry_io.c:727: warning: cast from pointer to integer of different size

[root@localhost portsentry_beta]# make install
Creating psionic directory /usr/local/psionic
Setting directory permissions
Creating portsentry directory /usr/local/psionic/portsentry
Setting directory permissions
chmod 700 /usr/local/psionic/portsentry
Copying files
cp ./portsentry.conf /usr/local/psionic/portsentry
cp ./portsentry.ignore /usr/local/psionic/portsentry
cp ./portsentry /usr/local/psionic/portsentry
Setting permissions
chmod 600 /usr/local/psionic/portsentry/portsentry.ignore
chmod 600 /usr/local/psionic/portsentry/portsentry.conf
chmod 700 /usr/local/psionic/portsentry/portsentry


Edit /usr/local/psionic/portsentry/portsentry.conf and change
your settings if you haven't already. (route, etc)


WARNING: This version and above now use a new
directory structure for storing the program
and config files (/usr/local/psionic/portsentry).
Please make sure you delete the old files when
the testing of this install is complete.

 安裝路徑爲：

[root@localhost portsentry_beta]# tree  /usr/local/psionic/
/usr/local/psionic/
└── portsentry
    ├── portsentry
    ├── portsentry.conf
    └── portsentry.ignore

1 directory, 3 files

 PortSentry的配置：

1:經過PortSentry.conf

# Un-comment these if you are really anal:
#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
#
# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
#
# Use these for just bare-bones
#TCP_PORTS="1,11,15,110,111,143,540,635,1080,1524,2000,12345,12346,20034,32771,32772,32773,32774,49724,54320"
#UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,32771,32772,32773,32774,31337,54321"

經過portSentry進行入侵檢，首先制定要監視的端口清單和相應的阻止對策。而後啓動後臺進程對這些端口進行檢測，一旦發現有人掃描這些端口，以及相應的對策進行阻攔。

經過portentry.conf中關於端口默認配置狀況：

通常有意開放的端口是不須要監控的，若是web服務器的80端口！！！！！

在portsentry.conf中自動配置了許多文件以下：

###########################################
# Advanced Stealth Scan Detection Options #
###########################################
#
# This is the number of ports you want PortSentry to monitor in Advanced mode.
# Any port *below* this number will be monitored. Right now it watches 
# everything below 1024. 
# 
# On many Linux systems you cannot bind above port 61000. This is because
# these ports are used as part of IP masquerading. I don't recommend you
# bind over this number of ports. Realistically: I DON'T RECOMMEND YOU MONITOR 
# OVER 1024 PORTS AS YOUR FALSE ALARM RATE WILL ALMOST CERTAINLY RISE. You've been
# warned! Don't write me if you have have a problem because I'll only tell
# you to RTFM and don't run above the first 1024 ports.
#
#
ADVANCED_PORTS_TCP="1024"
ADVANCED_PORTS_UDP="1024"
#這代表,1~1024的全部端口將被監視
# This field tells PortSentry what ports (besides listening daemons) to
# ignore. This is helpful for services like ident that services such 
# as FTP, SMTP, and wrappers look for but you may not run (and probably 
# *shouldn't* IMHO). 
#
# By specifying ports here PortSentry will simply not respond to
# incoming requests, in effect PortSentry treats them as if they are
# actual bound daemons. The default ports are ones reported as 
# problematic false alarms and should probably be left alone for
# all but the most isolated systems/networks.
#但監視高端口號會引發更多的誤報，能夠通下面參數排除出錯的端口
# Default TCP ident and NetBIOS service
ADVANCED_EXCLUDE_TCP="111,113,139" #默認請況,使用tcp(111,113,139)的ident和NetBIOS服務以及UDP(520,138,137,67)route,NetBIOS和Bootp服務將被排除在高級掃描以外。
# Default UDP route (RIP), NetBIOS, bootp broadcasts.
ADVANCED_EXCLUDE_UDP="520,138,137,67"


######################

######################
# Configuration Files#
######################
#
# Hosts to ignore＃記錄容許合法掃描服務器的主機地址
IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
# Hosts that have been denied (running history)＃入侵主機的IP歷史記錄
HISTORY_FILE="/usr/local/psionic/portsentry/portsentry.history"
# Hosts that have been denied this session only (temporary until next restart)＃被阻止鏈接主機的ip記錄
BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"

設置路由重定向:

# Generic 
#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"

# Generic Linux 
KILL_ROUTE="/sbin/route add -host $TARGET$ gw 333.444.555.666"

# Newer versions of Linux support the reject flag now. This 
# is cleaner than the above option.
#KILL_ROUTE="/sbin/route add -host $TARGET$ reject"

# Generic BSD (BSDI, OpenBSD, NetBSD, FreeBSD)
#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"
#把數據包重定向到一個未知的主機，使這沒法獲取信息

咱們還能夠利用linux中的iptables命令，能夠切斷攻主機的鏈接:

# iptables support for Linux
KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"
#
# For those of you running FreeBSD (and compatible) you can

能夠直熱門把攻擊者的ip記錄到/etc/hosts.deny文件中，利用TCP_Wrappers保護機制來防止攻擊

###############
# TCP Wrappers#
###############
# This text will be dropped into the hosts.deny file for wrappers
# to use. There are two formats for TCP wrappers:
#
# Format One: Old Style - The default when extended host processing
# options are not enabled.
#
KILL_HOSTS_DENY="ALL: $TARGET$"

# Format Two: New Style - The format used when extended option
# processing is enabled. You can drop in extended processing
# options, but be sure you escape all '%' symbols with a backslash
# to prevent problems writing out (i.e. \%c \%h )
#
#KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"

系統默認是利用TCP_Wrappers來切斷與主機之間的鏈接

改變完畢後，改變文件的權限，以保證其安全。

/usr/psionic/portentry/portsentry.ignore文件中設置portsentry忽略主機ip,限容許合法掃描的主機地址一面是配置狀況:

[root@localhost portsentry]# cat portsentry.ignore 
# Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e virtual host, mult-home)
# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.
#
# PortSentry can support full netmasks for networks as well. Format is:
#
# <IP Address>/<Netmask>
#
# Example:
#
# 192.168.2.0/24
# 192.168.0.0/16
# 192.168.2.1/32
# Etc.
#
# If you don't supply a netmask it is assumed to be 32 bits.
#
#

127.0.0.1/32
0.0.0.0
#Exclude all local interfaces
127.0.0.1

記得帶上本機地址

portsentry啓動檢測模試。對應tcp和udp兩種協議方式，portsentry分別有三種啓動模式，即基本 祕密和高級祕密掃描檢測模式，合計６種模式。

 

[root@localhost portsentry]# ls
portsentry  portsentry.conf  portsentry.ignore
[root@localhost portsentry]# pwd
/usr/local/psionic/portsentry
[root@localhost portsentry]# ./portsentry -h
PortSentry - Port Scan Detector.
Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>
Licensing restrictions apply. Please see documentation
Version: 1.2

usage: portsentry [-tcp -udp -stcp -atcp -sudp -audp]

*** PLEASE READ THE DOCS BEFORE USING *** 

[root@localhost portsentry]# ./portsentry -stcp

portsentry -tcp ---->TCP的基本端口綁定模式

portsentry -udp --->UDP的基本端口綁定模式

portsentry -stcp --->TCP的祕密掃描模式

portsentry -sudp --->UDP的祕密掃描檢測模式

portsentry -atcp ---->TCP的高級祕密掃描檢測模式

portsentry audp ----->UDP的高級祕密掃描檢測

使用高級祕密掃描檢測模式(Advanced Stealth Scan Detection Mode),PortSentry會自動檢查服務器上正在運行的端口，而後把這些端口，從配置文件中移去，只監控其它的端口。

啓動portSentry的命令:

[root@localhost portsentry]# /usr/local/psionic/portsentry/portsentry -atcp

[root@localhost portsentry]# cat /etc/rc.d/rc.local 
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
#
touch /var/lock/subsys/local
/usr/local/psionic/portsentry/portsentry  -atcp

[root@localhost portsentry]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:b3:81:05 brd ff:ff:ff:ff:ff:ff
    inet 10.100.2.119/24 brd 10.100.2.255 scope global eth0
    inet6 fe80::5054:ff:feb3:8105/64 scope link 
       valid_lft forever preferred_lft forever

[root@localhost portsentry]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1378/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1457/master         
tcp        0      0 :::22                       :::*                        LISTEN      1378/sshd           
tcp        0      0 ::1:25                      :::*                        LISTEN      1457/master         
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               22477/dhclient 

進行掃描:

[root@ok Safety]# nmap -sS 10.100.2.119

Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-21 21:35 CST
Nmap scan report for 10.100.2.119
Host is up (0.00060s latency).
Not shown: 997 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
8080/tcp closed http-proxy
MAC Address: 52:54:00:B3:81:05 (QEMU Virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 5.19 seconds

查看系統日誌:

[root@localhost portsentry]# tail -f /var/log/messages
Oct 20 08:43:07 localhost portsentry[22712]: adminalert: Advanced mode will manually exclude port: 113 
Oct 20 08:43:07 localhost portsentry[22712]: adminalert: Advanced mode will manually exclude port: 139 
Oct 20 08:43:07 localhost portsentry[22712]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 22
Oct 20 08:43:07 localhost portsentry[22712]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 25
Oct 20 08:43:07 localhost portsentry[22712]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 113
Oct 20 08:43:07 localhost portsentry[22712]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 139
Oct 20 08:43:07 localhost portsentry[22712]: adminalert: PortSentry is now active and listening.
Oct 20 08:54:56 localhost portsentry[22712]: attackalert: TCP SYN/Normal scan from host: 10.100.2.14/10.100.2.14 to TCP port: 80
Oct 20 08:54:56 localhost portsentry[22712]: attackalert: Host 10.100.2.14 has been blocked via wrappers with string: "ALL: 10.100.2.14"
Oct 20 08:54:56 localhost portsentry[22712]: attackalert: Host 10.100.2.14 has been blocked via dropped route using command: "/sbin/route add -host 10.100.2.14 gw 333.444.555.666"

看到ip記錄在文件中了

[root@localhost portsentry]# cat portsentry.blocked.atcp 
1476924896 - 10/20/2016 08:54:56 Host: 10.100.2.14/10.100.2.14 Port: 80 TCP Blocked
[root@localhost portsentry]# cat portsentry.blocked.stcp 
[root@localhost portsentry]# cat portsentry.history 
1476924896 - 10/20/2016 08:54:56 Host: 10.100.2.14/10.100.2.14 Port: 80 TCP Blocked
[root@localhost portsentry]# pwd
/usr/local/psionic/portsentry
[root@localhost portsentry]# ls
portsentry  portsentry.blocked.atcp  portsentry.blocked.stcp  portsentry.conf  portsentry.history  portsentry.ignore

 查看一下/etc/hoosts.deny,發現以下惡意ip:

[root@localhost portsentry]# cat /etc/hosts.deny 
#
# hosts.deny    This file contains access rules which are used to
#        deny connections to network services that either use
#        the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        The rules in this file can also be set up in
#        /etc/hosts.allow with a 'deny' option instead.
#
#        See 'man 5 hosts_options' and 'man 5 hosts_access'
#        for information on rule syntax.
#        See 'man tcpd' for information on tcp_wrappers
#
ALL: 10.100.2.14
[root@localhost portsentry]# 

 再次ssh 不能鏈接成功！！！！

[root@ok ok]# ssh 10.100.2.119 -v
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.100.2.119 [10.100.2.119] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host

 刪除/etc/hosts.deny中的ip

[root@ok ok]# ssh 10.100.2.119 -v
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.100.2.119 [10.100.2.119] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
[root@ok ok]# ssh 10.100.2.119 -v
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.100.2.119 [10.100.2.119] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
[root@ok ok]# ssh 10.100.2.119 -v 
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.100.2.119 [10.100.2.119] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.100.2.119' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=ibus
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Oct 20 01:16:32 2016 from 10.100.2.14