On Monday 20,August,2012 10:44 PM, Mika Suomalainen wrote: > On 20.08.2012 17:02, lina wrote: >> On Monday 20,August,2012 09:59 PM, lina wrote: >>>> Hi, >>>> >>>> I ssh to a server which has 400+ users, active ones around >>>> 100. >>>> >>>> Frankly speaking, I would feel comfortable to hide my IP if >>>> possible, >>>> >>>> any suggestions (I checked the spoof, but seems not positive), >>>> >>>> Thanks with best regards, >>>> >>>> >> Another question, how do I know whether there are some people are >> attempting to invade my laptop, my username, ip are all exposed >> there. > > If you have SSHd and that is what you are worried about, grep ssh from > /var/log/auth.log .
BTW, what is the 172.21.48.161, seems in the old auth.log* also has this one. # zmore auth.log.2.gz | grep 172.21.48.161 Aug 5 16:05:13 Debian sshd[15369]: Did not receive identification string from 172.21.48.161 Aug 5 16:05:36 Debian sshd[15370]: Invalid user administrator from 172.21.48.161 Aug 5 16:05:36 Debian sshd[15370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161 Aug 5 16:05:38 Debian sshd[15370]: Failed password for invalid user administrator from 172.21.48.161 port 54999 ssh2 Aug 5 16:05:40 Debian sshd[15370]: Connection closed by 172.21.48.161 [preauth] Aug 6 04:04:45 Debian sshd[19015]: Did not receive identification string from 172.21.48.161 Aug 6 04:05:09 Debian sshd[19016]: Invalid user administrator from 172.21.48.161 Aug 6 04:05:09 Debian sshd[19016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161 Aug 6 04:05:10 Debian sshd[19016]: Failed password for invalid user administrator from 172.21.48.161 port 59847 ssh2 Aug 6 04:05:11 Debian sshd[19016]: Connection closed by 172.21.48.161 [preauth] Aug 6 16:06:08 Debian sshd[23030]: Did not receive identification string from 172.21.48.161 Aug 6 16:06:29 Debian sshd[23032]: Invalid user administrator from 172.21.48.161 Aug 6 16:06:29 Debian sshd[23032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161 Aug 6 16:06:31 Debian sshd[23032]: Failed password for invalid user administrator from 172.21.48.161 port 49880 ssh2 Aug 6 16:06:32 Debian sshd[23032]: Connection closed by 172.21.48.161 [preauth] Aug 7 04:04:44 Debian sshd[916]: Did not receive identification string from 172.21.48.161 Aug 7 04:05:07 Debian sshd[917]: Invalid user administrator from 172.21.48.161 Aug 7 04:05:07 Debian sshd[917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161 Aug 7 04:05:09 Debian sshd[917]: Failed password for invalid user administrator from 172.21.48.161 port 55548 ssh2 Aug 7 04:05:23 Debian sshd[917]: Connection closed by 172.21.48.161 [preauth] Thanks again, Best regards, > I'm not sure does that require loglevel being "VERBOSE" in sshd_config. > > And you might also want to install something like SSHGuard (package > sshguard) to protect your SSHd and other services, which it protects > from attackers. http://www.sshguard.net/ > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/503254ab.8030...@gmail.com
