Hello
I had literally 5 non-terminal login attempts to root, "Authentication failure for root via sshd from 59.47.112.161 ssh:notty", before Fail2ban did its job and blocked the IP. I am aware that this is common if the ssh server is exposed to the internet, but ssh access is supposed to only be available to my internal network; I VPN into the network if I need to do anything via ssh. I also don't have thousands of log entries for failed root login attempts, so it doesn't indicate that I have a config error, but you never know.
Can anyone possibly shed some light on how/why this would happen?
Responses (3)
Accepted Answer
Hello, I think it is weak or compromised credentials. It is possible that someone obtained or guessed the root account credentials. Double-check that your root password is strong and not easily guessable. Consider changing the root password to a new, strong one.
Accepted Answer
The issue is that an SSH login attempt was even possible on the WAN interface; 22 is not supposed to be accessible on the WAN because it is not open on the firewall. Password is 25 characters, randomly generated from KeePass. Anyhow, I removed login for root and set up the Ubuntu approach with a sudo user.
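An added example, not part of the thread: one way to check a log for the symptom described above is to count sshd authentication failures whose source address lies outside the networks that should be able to reach sshd at all. The trusted ranges (a LAN and a VPN pool) and all sample lines except the address quoted in the question are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed trusted ranges (not from the thread): a LAN and a VPN address pool.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.8.0.0/24")]

# Matches the message format quoted in the question.
FAILURE_RE = re.compile(
    r"Authentication failure for (?P<user>\S+) via sshd from (?P<ip>\S+)"
)

# Constructed sample lines; only 59.47.112.161 appears in the thread.
SAMPLE_LOG = """\
Authentication failure for root via sshd from 59.47.112.161 ssh:notty
Authentication failure for root via sshd from 59.47.112.161 ssh:notty
Authentication failure for admin via sshd from 192.168.1.23 ssh:notty
Authentication failure for root via sshd from 10.8.0.6 ssh:notty
Authentication failure for root via sshd from not-an-ip ssh:notty
"""


def untrusted_sources(log_text, trusted=TRUSTED_NETS):
    """Count sshd auth failures per source address outside the trusted ranges."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # hostname or garbage in the address field; skip it
        if not any(addr in net for net in trusted):
            hits[str(addr)] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in untrusted_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed sshd logins from outside the trusted ranges")
```

Any address this reports means traffic reached sshd from somewhere the firewall was expected to block, which points at the listening interface or a forwarding rule rather than at the password.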
Accepted Answer
I believe it is due to insufficient or corrupted credentials. Someone may have gained or guessed the root account credentials.