
Re: [OT] Is it possible to hide the ip in ssh connection



On Monday 20,August,2012 10:44 PM, Mika Suomalainen wrote:
> On 20.08.2012 17:02, lina wrote:
>> On Monday 20,August,2012 09:59 PM, lina wrote:
>>>> Hi,
>>>>
>>>> I ssh to a server which has 400+ users, active ones around
>>>> 100.
>>>>
>>>> Frankly speaking, I would feel comfortable to hide my IP if
>>>> possible,
>>>>
>>>> any suggestions (I checked the spoof, but seems not positive),
>>>>
>>>> Thanks with best regards,
>>>>
>>>>
>> Another question: how do I know whether some people are attempting
>> to invade my laptop? My username and IP are all exposed there.
> 
> If you have SSHd and that is what you are worried about, grep ssh from
> /var/log/auth.log .

BTW, what is 172.21.48.161? It seems the old auth.log* files also have
this one.

# zmore auth.log.2.gz | grep 172.21.48.161
Aug  5 16:05:13 Debian sshd[15369]: Did not receive identification string from 172.21.48.161
Aug  5 16:05:36 Debian sshd[15370]: Invalid user administrator from 172.21.48.161
Aug  5 16:05:36 Debian sshd[15370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161
Aug  5 16:05:38 Debian sshd[15370]: Failed password for invalid user administrator from 172.21.48.161 port 54999 ssh2
Aug  5 16:05:40 Debian sshd[15370]: Connection closed by 172.21.48.161 [preauth]
Aug  6 04:04:45 Debian sshd[19015]: Did not receive identification string from 172.21.48.161
Aug  6 04:05:09 Debian sshd[19016]: Invalid user administrator from 172.21.48.161
Aug  6 04:05:09 Debian sshd[19016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161
Aug  6 04:05:10 Debian sshd[19016]: Failed password for invalid user administrator from 172.21.48.161 port 59847 ssh2
Aug  6 04:05:11 Debian sshd[19016]: Connection closed by 172.21.48.161 [preauth]
Aug  6 16:06:08 Debian sshd[23030]: Did not receive identification string from 172.21.48.161
Aug  6 16:06:29 Debian sshd[23032]: Invalid user administrator from 172.21.48.161
Aug  6 16:06:29 Debian sshd[23032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161
Aug  6 16:06:31 Debian sshd[23032]: Failed password for invalid user administrator from 172.21.48.161 port 49880 ssh2
Aug  6 16:06:32 Debian sshd[23032]: Connection closed by 172.21.48.161 [preauth]
Aug  7 04:04:44 Debian sshd[916]: Did not receive identification string from 172.21.48.161
Aug  7 04:05:07 Debian sshd[917]: Invalid user administrator from 172.21.48.161
Aug  7 04:05:07 Debian sshd[917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161
Aug  7 04:05:09 Debian sshd[917]: Failed password for invalid user administrator from 172.21.48.161 port 55548 ssh2
Aug  7 04:05:23 Debian sshd[917]: Connection closed by 172.21.48.161 [preauth]

Thanks again,

Best regards,


> I'm not sure whether that requires loglevel being "VERBOSE" in sshd_config.
> 
> And you might also want to install something like SSHGuard (package
> sshguard) to protect your SSHd and other services, which it protects
> from attackers. http://www.sshguard.net/
> 
> 
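
An added example, not part of the original messages: grepping auth.log for one address, as above, only answers a question you already knew to ask, so this sketch groups every "Failed password" line by source address instead. The function names, the user "alice" and the 192.0.2.x / 198.51.100.x lines are constructed for the example; the four 172.21.48.161 lines are the ones from the log above.

```shell
#!/bin/sh
# Added example: per-source summary of failed SSH password logins.
# Reads auth.log lines on stdin; function names are this example's own.
summarize_ssh_failures() {
    awk '
    match($0, / sshd\[[0-9]+\]: Failed password for /) {
        msg = substr($0, RSTART + RLENGTH)
        bad = sub(/^invalid user /, "", msg)
        # sshd appends " from ADDR port N ssh2". Split on the LAST " from "
        # so a user name that itself contains " from " cannot fake the source.
        n = split(msg, part, " from ")
        if (n < 2) next
        split(part[n], f, " "); ip = f[1]
        user = substr(msg, 1, length(msg) - length(part[n]) - 6)
        fails[ip]++; invalid[ip] += bad
        if (!((ip, user) in seen)) {
            seen[ip, user] = 1
            users[ip] = users[ip] (users[ip] == "" ? "" : ",") user
        }
        stamp = $1 " " $2 " " $3
        if (!(ip in first)) first[ip] = stamp
        last[ip] = stamp
    }
    END {
        for (ip in fails)
            printf "%s failed=%d invalid_user=%d users=%s first=\"%s\" last=\"%s\"\n",
                   ip, fails[ip], invalid[ip], users[ip], first[ip], last[ip]
    }' | sort
}

# Sample input: the four "Failed password" lines from the post (unwrapped),
# plus constructed lines (192.0.2.x and 198.51.100.x are documentation addresses).
sample_log() {
    cat <<'EOF'
Aug  5 16:05:38 Debian sshd[15370]: Failed password for invalid user administrator from 172.21.48.161 port 54999 ssh2
Aug  6 04:05:10 Debian sshd[19016]: Failed password for invalid user administrator from 172.21.48.161 port 59847 ssh2
Aug  6 16:06:31 Debian sshd[23032]: Failed password for invalid user administrator from 172.21.48.161 port 49880 ssh2
Aug  7 04:05:09 Debian sshd[917]: Failed password for invalid user administrator from 172.21.48.161 port 55548 ssh2
Aug  7 09:12:01 Debian sshd[1201]: Failed password for alice from 192.0.2.10 port 40112 ssh2
Aug  7 09:12:09 Debian sshd[1201]: Accepted password for alice from 192.0.2.10 port 40112 ssh2
Aug  7 09:30:44 Debian sshd[1300]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.7 port 51000 ssh2
EOF
}

# On a real system: zcat -f /var/log/auth.log* | summarize_ssh_failures
sample_log | summarize_ssh_failures
```

The last sample line shows why the address is taken from the end of the message: the attempted user name is attacker-controlled text and is logged verbatim.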

