Private Island Networks Inc.

How to tell if hackers are trying to SSH into my Linux box?

Nov 09, 2020 asked by anonymous
share
LinkedIn Share
Share on Twitter
subscribe to mailing list:

Question / Issue:

I have configured my firewall to open up port 22 and route traffic to my Linux box. How can I tell if hackers are trying to log in?
X-ray Engineering Services

Responses:

Date: Nov. 9, 2020

Author: Mind Chasers

Comment:

On Ubuntu, you can see failed login attempts at /var/log/auth.log $ tail /var/log/auth.log ... Nov 9 11:40:44 server1 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.219.38 user=root Nov 9 11:40:46 server1 sshd[32766]: Failed password for root from 159.203.219.38 port 49802 ssh2 Nov 9 11:40:46 server1 sshd[32766]: Received disconnect from 159.203.219.38 port 49802:11: Bye Bye [preauth] Nov 9 11:40:46 server1 sshd[32766]: Disconnected from authenticating user root 159.203.219.38 port 49802 [preauth] Consider moving your SSH server to another port. Also, if your machine is local, then disable logging in with a password. See Automate Your SSH Login with Public Key Authentication

Post your answer or comment:

your email address will be kept private
authenticate with a 3rd party for enhanced features, such as image upload
previous month
next month
Su
Mo
Tu
Wd
Th
Fr
Sa
loading