{"id":37099086,"url":"https://github.com/hootrix/sshield","last_synced_at":"2026-01-14T12:02:39.043Z","repository":{"id":270390224,"uuid":"910133267","full_name":"Hootrix/sshield","owner":"Hootrix","description":"Server SSH hardening and monitoring tool","archived":false,"fork":false,"pushed_at":"2025-12-05T11:08:42.000Z","size":277,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-07T13:07:47.120Z","etag":null,"topics":["ssh"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Hootrix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-12-30T15:19:51.000Z","updated_at":"2025-12-05T11:08:45.000Z","dependencies_parsed_at":"2024-12-30T20:20:23.857Z","dependency_job_id":"95b953e0-2073-4b5d-b944-62c0a1161bd7","html_url":"https://github.com/Hootrix/sshield","commit_stats":null,"previous_names":["hootrix/sshield"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Hootrix/sshield","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hootrix%2Fsshield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hootrix%2Fsshield/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hootrix%2Fsshield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hootrix%2Fsshield/manifests","owner_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/owners/Hootrix","download_url":"https://codeload.github.com/Hootrix/sshield/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hootrix%2Fsshield/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28419274,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ssh"],"created_at":"2026-01-14T12:02:38.307Z","updated_at":"2026-01-14T12:02:39.028Z","avatar_url":"https://github.com/Hootrix.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n    \u003ch1\u003eSSHield\u003c/h1\u003e\n    \u003cp\u003e\n        SSH hardening tool for Linux servers\n    \u003c/p\u003e\n\u003c/div\u003e\n\n\u003e [!caution]\n\u003e Compatibility across Linux distributions is not yet fully covered; test and verify before using in production\n\n## Features\n\n- 🔐 SSH security hardening\n  - Key-based login configuration\n  - Password security policy\n  - Custom port\n\n- 📧 SSH login event notifications\n  - Real-time monitoring based on journalctl (systemd)\n  - Notifications via curl and SMTP email\n  - One-shot sweep mode for cron/systemd timers\n\n## Installation\n\n### One-line install (recommended)\n\n```bash\n# Requires root privileges; installs to /usr/local/bin/\ncurl -Lo /usr/local/bin/sshield https://github.com/Hootrix/sshield/releases/latest/download/sshield-linux-$(uname -m | sed 
's/x86_64/amd64/;s/aarch64/arm64/') \u0026\u0026 chmod +x /usr/local/bin/sshield\n```\n\n### Manual download\n\nDownload the binary for your architecture from [Releases](https://github.com/Hootrix/sshield/releases):\n- `sshield-linux-amd64` - x86_64 architecture\n- `sshield-linux-arm64` - ARM64 architecture\n\n### Build from source\n\n```bash\ngo install github.com/Hootrix/sshield/cmd/sshield@latest\n```\n\n## Usage\n\n```bash\n# Enable debug output (optional)\nexport SSHIELD_DEBUG=1\n\n\n# Show help\nsshield --help\n\n# SSH hardening\nsshield ssh key --type ed25519           # Configure key-based login\nsshield ssh password-login --disable     # Disable password login\nsshield ssh change-password -u user -r   # Generate a random strong password for the user\nsshield ssh port -p 2222                 # Change the SSH port\n\n# SSH notification channel configuration\n# curl webhook\nsshield notify curl 'curl -X POST -H \"Content-Type: application/json\" -d \"{\\\"msgtype\\\":\\\"text\\\",\\\"text\\\":{\\\"content\\\":\\\"SSH登录: {{.User}}@{{.IP}}\\\"}}\" https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx'\n# --base64 accepts an encoded command string, avoiding quoting and whitespace problems\nsshield notify curl --base64 'Y3VybCAtWCBQT1NUIC1IICJDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24iIC1kICJ7XCJ1c2VyXCI6XCJ7ey5Vc2VyfX1cIn0iIGh0dHBzOi8vZXhhbXBsZS5jb20vd2ViaG9vaw=='\n\n# email\nsshield notify email --to ops@example.com --from ssh@example.com --server smtp.example.com --user smtp-user --password secret\n\nsshield notify test                      # Send a test notification\nsshield notify status                    # Show the current notification channel configuration\nsshield notify enable --all # Enable all notification channels\nsshield notify enable --name my-webhook\t# Enable by name\nsshield notify enable --index 1\t# Enable by index\nsshield notify disable --all # Disable all notification channels\n# Adding, removing, or modifying a channel takes effect immediately\n\n\n# Recommended: SSH monitoring service (systemd service)\nsudo sshield service install --notify-on success                 # Notify on successful logins only, to reduce noise\nsudo sshield service install --notify-on all --fail-limit 3 --fail-window 1h  # Notify on everything, but rate-limit failures: at most 3 per IP per hour\n\n# Start the service and enable it at boot\nsudo systemctl start sshield-notify\nsudo systemctl enable sshield-notify\n# Check status\nsshield service status\n# Uninstall the SSH monitoring service (systemd service)\nsudo sshield service uninstall\n\n\n# Start SSH login monitoring (manual)\n# 
Successful logins only\nsshield ssh watch --notify-on success\n# All events, but at most 3 failure notifications per IP per hour\nsshield ssh watch --notify-on all --fail-limit 3 --fail-window 1h\n\n\n# One-shot log sweep\nsshield ssh sweep --since 5m             # Process login events from the last 5 minutes (output only by default)\nsshield ssh sweep --since 5m --notify --notify-on success\nsshield ssh sweep --since 5m --notify --notify-on all --fail-limit 3 --fail-window 1h\n\n# Optional flags: --source auto|journal|file, --timezone Asia/Shanghai|Local, etc.\n# Optional flags: --journal-unit sshd.service --log-path /var/log/auth.log, etc.\n# Notification filter: --notify-on all|success|failed\n# Failure rate limit: --fail-limit N --fail-window 1h/1d/1w/1M, etc.\n\n```\n\nDefault storage locations:\n- Configuration file: `/etc/sshield/notify.json`\n- State file: `/var/lib/sshield/notify.state`\n\n\u003e **Note**: Before using `watch` or `sweep --notify`, configure a notification method (email or webhook) first; otherwise events are only written to the log output and no notification is sent.\n\n### Template variables available to the notify curl command\n```\n{{.Type}}      - Event type (login_success/login_failed)\n{{.User}}      - Login username\n{{.IP}}        - Source IP\n{{.Port}}      - Source port\n{{.Method}}    - Authentication method (password/publickey)\n{{.Hostname}}  - Server hostname\n{{.Timestamp}} - Event time\n{{.Location}}  - IP geolocation\n{{.LogPath}}   - Log source path\n{{.Message}}   - Raw log message\n{{.HostIP}}    - Host IP\n```\n\n`text/template` template syntax is supported:\n\n```\n{{if eq .Type \"login_success\"}}yellow{{else}}red{{end}}\n```\n\n### Lark (Feishu) notification example\n\n```\ncurl -X POST -H \"Content-Type: application/json\" -d '{\"msg_type\":\"interactive\",\"card\":{\"header\":{\"template\":\"{{if eq .Type \\\"login_success\\\"}}yellow{{else}}red{{end}}\",\"title\":{\"content\":\"🔐 SSH {{.Type}} Alert @{{.HostIP}}\",\"tag\":\"plain_text\"}},\"config\":{\"wide_screen_mode\":true},\"elements\":[{\"tag\":\"div\",\"text\":{\"content\":\"**👤 用户:** {{.User}}@{{.Hostname}}\\\\n**🔑 方式:** {{.Method}}\\\\n**🌐 IP:** {{.IP}}\\\\n**📍 位置:** {{.Location}}\\\\n**⏰ 时间:** {{.Timestamp}}\",\"tag\":\"lark_md\"}},{\"tag\":\"hr\"},{\"tag\":\"div\",\"text\":{\"content\":\"**📝 消息:** {{.Message}}\\\\n**📂 日志:** 
{{.LogPath}}\",\"tag\":\"lark_md\"}},{\"tag\":\"hr\"},{\"tag\":\"note\",\"elements\":[{\"tag\":\"plain_text\",\"content\":\"Powered by SSHield\"}]}]}}' https://open.feishu.cn/open-apis/bot/v2/hook/XXXXXXXXX\n```\n![notify-lark](./notify-lark.jpeg)\n\n## systemctl and logs\n\nWhen no notification channel is configured, `watch`/`sweep` still write monitoring results to standard output, which the systemd journal can retain as a record.\n\n```bash\n# Start the service\n## Reload systemd configuration\n# sudo systemctl daemon-reload\n## Enable the service at boot and start it immediately\nsudo systemctl enable --now sshield-notify.service\n\n# Check systemctl status\nsudo systemctl status sshield-notify\n\n# Restart the service\nsudo systemctl restart sshield-notify\n\n# View the service's journalctl logs\nsudo journalctl -u sshield-notify -f\n\n# View the system SSH logs\nsudo journalctl -u ssh.service -n 20 --no-pager\n\n```\n\n### cron fallback\n\nEven if the watch process exits unexpectedly, cron can periodically catch anything that was missed:\n\n```bash\n# Every minute, scan login events from the last 90 seconds\n* * * * * /usr/local/bin/sshield ssh sweep --since 90s --notify \u003e\u003e /var/log/sshield.log 2\u003e\u00261\n```\n\n## Development\n\n### Build\n\n```bash\nCGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags='-s -w -extldflags \"-static -fpic\"' -o bin/sshield cmd/sshield/main.go\n```\n\n### Release process\n\nAfter a tag is pushed, GitHub CI publishes the release automatically\n```\n# 1. Merge into main\ngit checkout main\ngit merge dev.20251205\ngit push origin main\n\n# 2. Create a tag to trigger the automatic release\ngit tag v0.1.0\ngit push origin v0.1.0\n```\n\n\n## License\n\nMIT License\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhootrix%2Fsshield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhootrix%2Fsshield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhootrix%2Fsshield/lists"}