break-in attempt in my machine

J.Witvliet at mindef.nl J.Witvliet at mindef.nl
Sun Aug 28 09:45:28 UTC 2016


No problem with that.
Some further suggestions....
You can limit the amount of incoming calls with iptables (against continuous dictionary attacks)

Even better, there is a patch for OpenSSH, that you can use PKI certificates, like those stored on smartcards

You can also add Google two-step authentication....

Sent from my iPhone

> On 27 Aug 2016 at 12:56, Volker Wysk <post at volker-wysk.de> wrote:
>
> Sorry for the wrong language. Here's the English translation:
>
>
> Hello!
>
> I get a log of messages in /var/log/auth.log, which look like that:
>
> -----------------------
> ...
> Aug 27 12:06:05 desktop sshd[7406]: PAM 2 more authentication failures;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.218  user=root
> Aug 27 12:06:08 desktop sshd[7412]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.218  user=root
> Aug 27 12:06:10 desktop sshd[7412]: Failed password for root from
> 221.194.44.218 port 48680 ssh2
> Aug 27 12:06:15 desktop sshd[7412]: message repeated 2 times: [ Failed
> password for root from 221.194.44.218 port 48680 ssh2]
> Aug 27 12:06:16 desktop sshd[7412]: Received disconnect from 221.194.44.218
> port 48680:11:  [preauth]
> Aug 27 12:06:16 desktop sshd[7412]: Disconnected from 221.194.44.218 port
> 48680 [preauth]
> Aug 27 12:06:16 desktop sshd[7412]: PAM 2 more authentication failures;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.218  user=root
> Aug 27 12:06:19 desktop sshd[7418]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.218  user=root
> Aug 27 12:06:21 desktop sshd[7418]: Failed password for root from
> 221.194.44.218 port 59535 ssh2
> Aug 27 12:06:27 desktop sshd[7418]: message repeated 2 times: [ Failed
> password for root from 221.194.44.218 port 59535 ssh2]
> Aug 27 12:06:27 desktop sshd[7418]: Received disconnect from 221.194.44.218
> port 59535:11:  [preauth]
> Aug 27 12:06:27 desktop sshd[7418]: Disconnected from 221.194.44.218 port
> 59535 [preauth]
> ...
> -----------------------
>
> This already goes on like this since yesterday. For me, this looks like
> someone tries to break in my machine via SSH, by trying many possible
> passwords.
>
> Is this correct?
>
> My password is in no dictionary, and is also not obvious in any other way, so
> I don't worry much that the break-in might get successful.
>
> Volker
>
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
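
As an added example (not part of either message in this thread), the sketch below counts failed SSH password attempts per source address from auth.log lines of the kind quoted above, weighting the syslog "message repeated N times" lines so collapsed entries are not undercounted. The sample lines are constructed with documentation addresses, and the function names and the threshold of 5 are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the quoted auth.log excerpt
# (lines unwrapped; 203.0.113.7 and 198.51.100.9 are documentation addresses).
SAMPLE = """\
Aug 27 12:06:10 desktop sshd[7412]: Failed password for root from 203.0.113.7 port 48680 ssh2
Aug 27 12:06:15 desktop sshd[7412]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 48680 ssh2]
Aug 27 12:06:16 desktop sshd[7412]: Disconnected from 203.0.113.7 port 48680 [preauth]
Aug 27 12:06:21 desktop sshd[7418]: Failed password for root from 203.0.113.7 port 59535 ssh2
Aug 27 12:06:27 desktop sshd[7418]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 59535 ssh2]
Aug 27 12:07:02 desktop sshd[7500]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2
Aug 27 12:07:30 desktop sshd[7511]: Accepted password for volker from 198.51.100.9 port 40100 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
REPEATED = re.compile(r"message repeated (\d+) times: \[")


def failed_logins(text):
    """Return a Counter mapping (source_ip, user) to failed password attempts."""
    counts = Counter()
    for line in text.splitlines():
        if "sshd[" not in line:
            continue  # only sshd entries are of interest here
        m = FAILED.search(line)
        if not m:
            continue
        # The syslog daemon collapses identical consecutive lines into one
        # "message repeated N times" line; count that line N times, not once.
        rep = REPEATED.search(line)
        weight = int(rep.group(1)) if rep else 1
        counts[(m.group(2), m.group(1))] += weight
    return counts


def noisy_sources(text, threshold=5):
    """Return {source_ip: total failures} for addresses at or above threshold."""
    per_ip = Counter()
    for (ip, _user), n in failed_logins(text).items():
        per_ip[ip] += n
    return {ip: n for ip, n in per_ip.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in noisy_sources(SAMPLE).items():
        print(f"{ip}: {n} failed password attempts")
```
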