02-22-2017, 08:04 PM
Hello All!
I have been seeing the following output after doing a service ssh status:
Question is: how in the world do I correct the ssh system so that I will not have people failing passwords trying to login as root: I have disabled root login, but I may have a problem with /etc/ssh/sshd_config - how can I read the information and stop these attempts? I may need to block these IP addresses from accessing BBUS, but I need to be able to READ the information - I don't think that I have ever seen the ssh service give me these warnings - Is this Normal? Do I have anything to worry about - I don't want to have someone try to bring me down......
Any help or advice is appreciated!
Thank You!
Brian
I have been seeing the following output after doing a service ssh status:
Code:
root@cardinal:~# service ssh status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
Active: active (running) since Tue 2017-02-21 22:20:21 EST; 16h ago
Process: 4157 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 4165 (sshd)
CGroup: /system.slice/ssh.service
├─ 4165 /usr/sbin/sshd -D
├─24034 sshd: root [priv]
└─24035 sshd: root [net]
Feb 22 14:55:00 cardinal sshd[24024]: Failed password for root from 122.194...h2
Feb 22 14:55:02 cardinal sshd[24024]: Failed password for root from 122.194...h2
Feb 22 14:55:05 cardinal sshd[24024]: Failed password for root from 122.194...h2
Feb 22 14:55:07 cardinal sshd[24024]: Failed password for root from 122.194...h2
Feb 22 14:55:10 cardinal sshd[24024]: Failed password for root from 122.194...h2
Feb 22 14:55:10 cardinal sshd[24024]: Disconnecting: Too many authenticatio...h]
Feb 22 14:55:10 cardinal sshd[24024]: PAM 5 more authentication failures; l...ot
Feb 22 14:55:14 cardinal sshd[24034]: pam_unix(sshd:auth): authentication f...ot
Feb 22 14:55:16 cardinal sshd[24034]: Failed password for root from 122.194...h2
Feb 22 14:55:18 cardinal sshd[24034]: Failed password for root from 122.194...h2
Hint: Some lines were ellipsized, use -l to show in full.
root@cardinal~#
Question is: how in the world do I correct the ssh system so that I will not have people failing passwords trying to login as root: I have disabled root login, but I may have a problem with /etc/ssh/sshd_config - how can I read the information and stop these attempts? I may need to block these IP addresses from accessing BBUS, but I need to be able to READ the information - I don't think that I have ever seen the ssh service give me these warnings - Is this Normal? Do I have anything to worry about - I don't want to have someone try to bring me down......
Any help or advice is appreciated!
Thank You!
Brian
Brian S. Baker
Linux Enthusiast /Computer Consultant At Large/ "The Wizkid"
System Admin: buddy-baker.us
buddy-baker.us
Linux Enthusiast /Computer Consultant At Large/ "The Wizkid"
System Admin: buddy-baker.us
buddy-baker.us