Re: ssh - possible break-in attempt - what should I do?
- From: John Thompson <john@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 7 May 2007 20:44:34 -0500
On 2007-05-07, Yvan office <me@xxxxxxxxxxx> wrote:
> I have set up ssh on my home box so I can log in from office. I've set up
> passwordless login with private and public key, and it works as I want.
> But yesterday I looked at /var/log/auth.log and found a lot of:
>
> Apr 30 09:09:52 localhost sshd: Invalid user admin1 from \
> Apr 30 09:10:36 localhost sshd: Invalid user html from \
> Apr 30 09:11:12 localhost sshd: Invalid user html from \
> Apr 30 09:11:56 localhost sshd: Invalid user user1 from \
>
> ... and so on, or:
>
> Apr 30 17:08:49 localhost sshd: Invalid user test from \
> Apr 30 17:08:49 localhost sshd: reverse mapping checking \
> getaddrinfo for host18.104.22.168.static.ifxnw.cl failed\
> POSSIBLE BREAK-IN ATTEMPT!
> Apr 30 21:23:14 localhost sshd: Did not receive \
> identification string from 22.214.171.124
> Apr 30 23:53:44 localhost sshd: User root from 126.96.36.199\
> not allowed because none of user's groups are listed in \
>
> It all seems that break-in was not successful, but should I do
> something? I get a lot of these probes.

And so you will as long as you have port 22 listening. If you only
connect to ssh from work, you can restrict access to ssh to only your
employer's address block. Do also disable remote root logins from ssh;
if you need to use root remotely, log in as a regular user and su to
root or use sudo. Use strong passwords, and keep scanning the logs.
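
The log review advised in the reply above, as an added example that is not part of the original message: a Python script that tallies sshd probe lines per source address and flags any accepted login that comes from outside an allowed address block. The sample log lines, the user name `alice`, the `192.0.2.0/24` block and the function name `scan` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the style of /var/log/auth.log (documentation IP ranges).
SAMPLE_LOG = """\
Apr 30 09:09:52 localhost sshd[2101]: Invalid user admin1 from 203.0.113.7
Apr 30 09:10:36 localhost sshd[2103]: Invalid user html from 203.0.113.7
Apr 30 17:08:49 localhost sshd[2301]: Invalid user test from 198.51.100.23
Apr 30 21:23:14 localhost sshd[2410]: Did not receive identification string from 198.51.100.23
Apr 30 23:53:44 localhost sshd[2502]: User root from 203.0.113.99 not allowed because none of user's groups are listed in AllowGroups
May  1 03:14:00 localhost sshd[2590]: Accepted password for alice from 203.0.113.7 port 40022 ssh2
May  1 08:02:10 localhost sshd[2600]: Accepted publickey for alice from 192.0.2.44 port 51522 ssh2
"""

PREFIX = r"sshd(?:\[\d+\])?: "  # the PID in brackets is optional
PATTERNS = [
    ("invalid_user", re.compile(PREFIX + r"Invalid user (?P<user>\S+) from (?P<ip>\S+)")),
    ("no_ident", re.compile(PREFIX + r"Did not receive identification string from (?P<ip>\S+)")),
    ("denied_user", re.compile(PREFIX + r"User (?P<user>\S+) from (?P<ip>\S+) not allowed")),
    ("accepted", re.compile(PREFIX + r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")),
]

def scan(log_text, allowed_net):
    """Return (failed probes per source IP, accepted logins from outside allowed_net)."""
    net = ipaddress.ip_network(allowed_net)
    probes = defaultdict(lambda: {"count": 0, "users": set()})
    outside = []
    for line in log_text.splitlines():
        for kind, rx in PATTERNS:
            if not (m := rx.search(line)):
                continue
            ip = m.group("ip")
            if kind == "accepted":
                try:
                    inside = ipaddress.ip_address(ip) in net
                except ValueError:  # not a literal address: treat as outside
                    inside = False
                if not inside:
                    outside.append((ip, m.group("user"), m.group("method")))
            else:
                probes[ip]["count"] += 1
                if "user" in m.groupdict():
                    probes[ip]["users"].add(m.group("user"))
            break  # one message type per line
    return dict(probes), outside

if __name__ == "__main__":
    print(scan(SAMPLE_LOG, "192.0.2.0/24"))
```

The failed-probe tally is background noise on any host with port 22 exposed; the second return value, accepted logins from outside the expected block, is the part worth alerting on.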