
Undesired ssh login attempts



Hi,
I have recently been getting many of those, which means someone found out that
external ssh is on port 22222 and is trying to do some evil work there.
Should I worry or do something?

Jun 10 02:44:38 server sshd[3189]: debug1: Forked child 21583.
Jun 10 02:44:38 server sshd[21583]: debug1: Set /proc/self/oom_score_adj to 0
Jun 10 02:44:38 server sshd[21583]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Jun 10 02:44:38 server sshd[21583]: debug1: inetd sockets after dupping: 3, 3
Jun 10 02:44:38 server sshd[21583]: Connection from 197.159.128.171 port 60976 on 192.168.40.40 port 22222
Jun 10 02:44:38 server sshd[21583]: debug1: Client protocol version 2.0; client software version libssh-0.2
Jun 10 02:44:38 server sshd[21583]: debug1: no match: libssh-0.2
Jun 10 02:44:38 server sshd[21583]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
Jun 10 02:44:38 server sshd[21583]: debug1: Enabling compatibility mode for protocol 2.0
Jun 10 02:44:38 server sshd[21583]: debug2: fd 3 setting O_NONBLOCK
Jun 10 02:44:38 server sshd[21583]: debug2: Network child is on pid 21584
Jun 10 02:44:38 server sshd[21583]: debug1: permanently_set_uid: 109/65534 [preauth]
Jun 10 02:44:38 server sshd[21583]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
Jun 10 02:44:38 server sshd[21583]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jun 10 02:44:38 server sshd[21583]: Connection closed by 197.159.128.171 port 60976 [preauth]
Jun 10 02:44:38 server sshd[21583]: debug1: do_cleanup [preauth]
Jun 10 02:44:38 server sshd[21583]: debug1: monitor_read_log: child log fd closed
Jun 10 02:44:38 server sshd[21583]: debug1: do_cleanup
Jun 10 02:44:38 server sshd[21583]: debug1: Killing privsep child 21584
Jun 10 02:44:38 server sshd[21583]: debug1: audit_event: unhandled event 12


Similar for the apache web server.
I think both are secure: for ssh, no users with easy passwords are allowed to
log in, and for apache, no pages or stuff that would compromise.

Thanks for your opinion

regards
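
An added example, not part of the original post: a small Python script that summarizes log lines like the ones quoted above per source address, counting connections closed before authentication and successful logins and recording the client banner. The sample log is constructed (documentation address ranges) and the function names are this example's own; it also rejoins entries that a mail client wrapped onto a second line.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the quoted log; addresses are documentation ranges.
SAMPLE = """\
Jun 10 02:44:38 server sshd[21583]: Connection from 203.0.113.7 port
60976 on 192.0.2.10 port 22222
Jun 10 02:44:38 server sshd[21583]: debug1: Client protocol version 2.0;
client software version libssh-0.2
Jun 10 02:44:38 server sshd[21583]: Connection closed by 203.0.113.7 port 60976 [preauth]
Jun 10 02:45:02 server sshd[21590]: Connection from 203.0.113.7 port 61002 on 192.0.2.10 port 22222
Jun 10 02:45:02 server sshd[21590]: Connection closed by 203.0.113.7 port 61002 [preauth]
Jun 10 08:01:12 server sshd[22001]: Accepted publickey for admin from 198.51.100.4 port 50022 ssh2
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
ENTRY = re.compile(r"sshd\[(\d+)\]: (?:debug\d: )?(.*)$")
CONNECT = re.compile(r"Connection from (\S+) port \d+ on \S+ port \d+")
BANNER = re.compile(r"client software version (.+)$")
CLOSED = re.compile(r"Connection closed by (\S+) port \d+ \[preauth\]")
ACCEPTED = re.compile(r"Accepted \S+ for \S+ from (\S+)")

def unwrap(text):
    """Rejoin entries that were wrapped: a line without a timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per source IP: pre-auth disconnects, accepted logins, and client banners seen."""
    pid_ip = {}  # sshd child pid -> source IP, so a banner line can be attributed
    stats = defaultdict(lambda: {"preauth_closed": 0, "accepted": 0, "clients": set()})
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            continue
        pid, msg = m.groups()
        if (c := CONNECT.match(msg)):
            pid_ip[pid] = c.group(1)
        elif (b := BANNER.search(msg)) and pid in pid_ip:
            stats[pid_ip[pid]]["clients"].add(b.group(1))
        elif (x := CLOSED.match(msg)):
            stats[x.group(1)]["preauth_closed"] += 1
        elif (a := ACCEPTED.match(msg)):
            stats[a.group(1)]["accepted"] += 1
    return dict(stats)
```

An address that shows only pre-auth closures and no accepted logins never got as far as authenticating; an unexpected address with an accepted login is the case that needs a closer look.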

