-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 20.08.2012 18:15, lina wrote: > BTW, what is the 172.21.48.161, seems in the old auth.log* also has > this one. > > # zmore auth.log.2.gz | grep 172.21.48.161 Aug 5 16:05:13 Debian > sshd[15369]: Did not receive identification string from > 172.21.48.161 Aug 5 16:05:36 Debian sshd[15370]: Invalid user > administrator from 172.21.48.161 Aug 5 16:05:36 Debian > sshd[15370]: pam_unix(sshd:auth): authentication failure; logname= > uid=0 euid=0 tty=ssh ruser= rhost=172.21.48.161 Aug 5 16:05:38 > Debian sshd[15370]: Failed password for invalid user administrator > from 172.21.48.161 port 54999 ssh2 <...>
For me it looks like a bot, which is trying to guess usernames and passwords to your system. If you had sshguard or something similar installed, you would also see message about that host being banned, because of failed authentications. > Thanks again, You're welcome :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Public key: http://mkaysi.github.com/PGP/0x82A46728.txt Comment: gpg --fetch-keys http://mkaysi.github.com/PGP/0x82A46728.txt Comment: Fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 Comment: Why do I (clear)sign emails? http://git.io/6FLzWg Comment: Please remove PGP lines in replies. http://git.io/nvHrDg Comment: Charset of this message should be UTF-8. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJQMljbAAoJEE21PP6CpGcokD8P+QEwW6fcdsR2fGqcmfhIlVt9 SdF9HCZ5pL1j5P5VrddRpEYq0aEQrxDyTe7dSiNepR+V+Xs5uh+v/MZjm1b4kuPi QN65VWxMJWMuKKp98ZrJ/llIw0rkI+CVXIH4FJnON70J5IuHZJjO17SV3lO+TYyP BwclQm7kGqDUuBzUv2ZllnH7sisdyhqVMm+uX7D0u3laJilbEZVlJTB+UF6FAPqJ 9iR5gam0nU1fPjDZpm7CzDpfgrrh1Akte1TRF6D2yikJeeXWq/nCeL7A/w8fGe8W m8vj4bdomJYP7ogx4BqPGo9wGfoMFNTAqpAQQMgS33IAmQNUM+PI1CgXZXpF19jN EdeTBxjAcxZnynI1yLR5kCJBIxR9fkkbTME5I16QVlnVqb9IkjsMbny7XdrHZ9bj cR6pYE0LPF8XCID5zWWjJPj5rYmJSyQYPZ1lEcqjZmJ9wWRf0xTRuirhKFBS8KiN UaeOz1XcyJ++rJmv+l94xv1h+ZcDdHCoKMLzYvxLTn9eOJD8d9Cz/4o+5ZemaLCO L/c5JWLySWDPmMz8pH3o4TDSukmu1FTSgdgv1KS/m8Yfk8U7tmVWprs3QOftIUUA 5gXgRDiHlXLs1TtqI4JzDD4SM+W1xIq/3qjH+t6QEvH6lIGiVPzzjLAd7uiySP+f TYuL0ElasnGztTx/nR+s =FwK3 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/503258dd.6000...@users.sourceforge.net
