On Monday 20,August,2012 10:44 PM, Mika Suomalainen wrote: > On 20.08.2012 17:02, lina wrote: >> On Monday 20,August,2012 09:59 PM, lina wrote: >>>> Hi, >>>> >>>> I ssh to a server which has 400+ users, active ones around >>>> 100. >>>> >>>> Frankly speaking, I would feel comfortable to hide my IP if >>>> possible, >>>> >>>> any suggestions (I checked the spoof, but seems not positive), >>>> >>>> Thanks with best regards, >>>> >>>> >> Another question, how do I know whether there are some people are >> attempting to invade my laptop, my username, ip are all exposed >> there. > > If you have SSHd and that is what you are worried about, grep ssh from > /var/log/auth.log .
This is the first time I know the auth.log Aug 20 16:06:14 Debian sshd[10509]: Did not receive identification string from 172.21.48.161 Aug 20 16:06:42 Debian sshd[10510]: Invalid user administrator from 172.21.48.161 Aug 20 16:06:43 Debian sshd[10510]: Failed password for invalid user administrator from 172.21.48.161 port 56139 ssh2 Aug 20 16:06:44 Debian sshd[10510]: Connection closed by 172.21.48.161 [preauth] 172.21.48.161 is not the ip of any servers I connected to. and for ssh I use public keys to connect to sever, don't use password. For the whole day I didn't shut down the laptop, 172.21.50.108 is the ip, and furthermore I checked # more syslog | grep 172.21.48.161 # more syslog.1 | grep 172.21.48.161 my laptop has never been bound to this IP before. I don't know shall I be a bit appalled or not. > I'm not sure does that require loglevel being "VERBOSE" in sshd_config. > > And you might also want to install something like SSHGuard (package > sshguard) to protect your SSHd and other services, which it protects > from attackers. http://www.sshguard.net/ Thanks very much. Best regards, > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5032531f.2000...@gmail.com
