Private Island Networks Inc.

How to tell if hackers are trying to SSH into my Linux box?

Nov 09, 2020 asked by anonymous
share
subscribe to mailing list:

Question / Issue:

I have configured my firewall to open up port 22 and route traffic to my Linux box. How can I tell if hackers are trying to log in?
X-ray Engineering Services

Responses:

Date: Nov. 9, 2020

Author: Mind Chasers

Comment:

On Ubuntu, you can see failed login attempts at /var/log/auth.log $ tail /var/log/auth.log ... Nov 9 11:40:44 server1 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.219.38 user=root Nov 9 11:40:46 server1 sshd[32766]: Failed password for root from 159.203.219.38 port 49802 ssh2 Nov 9 11:40:46 server1 sshd[32766]: Received disconnect from 159.203.219.38 port 49802:11: Bye Bye [preauth] Nov 9 11:40:46 server1 sshd[32766]: Disconnected from authenticating user root 159.203.219.38 port 49802 [preauth] Consider moving your SSH server to another port. Also, if your machine is local, then disable logging in with a password. See Automate Your SSH Login with Public Key Authentication

Post your answer or comment:

your email address will be kept private
authenticate with a 3rd party for enhanced features, such as image upload
previous month
next month
Su
Mo
Tu
Wd
Th
Fr
Sa
loading