
[Solved] sshd Error messages

selhan

New Member


Messages: 15

#1
Can anyone explain to me why I'm finding these error messages on my server every day, and how I can get rid of them, please?

Example 1:
Code:
Jun 4 00:46:46 shell sshd[17263]: error: PAM: authentication error for root from 219.138.135.63
Jun 4 00:46:48 shell sshd[17294]: error: PAM: authentication error for root from 219.138.135.63
Example 2:
Code:
login: Jun 4 21:38:41 shell sshd[20901]: error: PAM: authentication error for illegal user admin from 23.97.212.138
Jun 4 21:38:41 shell  sshd[20901]: error: Received disconnected from 23.97.212.138: 3: com.jcraft.jsch.JSchExeption: Auth cancel [preauth]
Jun 4 22:35:48 shell  sshd[21022]: fatal: Read from socket failed: Connection reset by peer [preauth]
Example 3:
Code:
Jun 12 15:13:26 shell sshd[68139]: error: PAM: authentication error for illegal user genoveba from host188-177-static.4-79-b.business.telecomitalia.it
Jun 12 15:13:39 shell sshd[68142]: error: PAM: authentication error for illegal user amanda from host188-177-static.4-79-b.business.telecomitalia.it
Jun 12 15:13:45 shell sshd[68145]: error: PAM: authentication error for illegal user dark from host188-177-static.4-79-b.business.telecomitalia.it
I have FreeBSD 9.2
Thank you!
 

wblock@

Administrator
Staff member
Moderator
Developer

Thanks: 3,580
Messages: 13,850

#2
Re: Error messages

People, or rather, bots, are trying to log in to your server by guessing account names. Please make sure that root login by sshd() is not allowed, and it is recommended to only allow login with an SSH key instead of passwords. Many people run security/sshguard to limit these attacks.
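
To see which sources are guessing and which account names they try, the failures can be tallied per source. This is an added example, not part of the original post: the function name `summarize_auth_failures` and its output columns are assumptions made here, and the sample input is the log lines from the first post.

```sh
#!/bin/sh
# Added example: per-source summary of sshd PAM authentication failures.

# Sample input: log lines copied from the first post in this thread.
sample_log() {
cat <<'EOF'
Jun 4 00:46:46 shell sshd[17263]: error: PAM: authentication error for root from 219.138.135.63
Jun 4 00:46:48 shell sshd[17294]: error: PAM: authentication error for root from 219.138.135.63
login: Jun 4 21:38:41 shell sshd[20901]: error: PAM: authentication error for illegal user admin from 23.97.212.138
Jun 4 22:35:48 shell  sshd[21022]: fatal: Read from socket failed: Connection reset by peer [preauth]
Jun 12 15:13:26 shell sshd[68139]: error: PAM: authentication error for illegal user genoveba from host188-177-static.4-79-b.business.telecomitalia.it
Jun 12 15:13:39 shell sshd[68142]: error: PAM: authentication error for illegal user amanda from host188-177-static.4-79-b.business.telecomitalia.it
Jun 12 15:13:45 shell sshd[68145]: error: PAM: authentication error for illegal user dark from host188-177-static.4-79-b.business.telecomitalia.it
EOF
}

# Usage: summarize_auth_failures [min_attempts] < logfile
# Prints one line per source: SOURCE ATTEMPTS ATTEMPTS_ON_EXISTING_ACCOUNTS USERS
# sshd adds "illegal user" when the account does not exist, so a failure
# without it (root in the sample) is a guess against a real account.
summarize_auth_failures() {
    awk -v min="${1:-1}" '
    /sshd\[[0-9]+\]: error: PAM: authentication error for / {
        # Locate the keyword "for"; a console "login:" prefix shifts the fields.
        i = 1
        while (i <= NF && $i != "for") i++
        if ($(i+1) == "illegal" && $(i+2) == "user") { user = $(i+3); existing = 0 }
        else { user = $(i+1); existing = 1 }
        src = $NF                      # source host or IP is the last field
        count[src]++
        valid[src] += existing
        if (!((src, user) in seen)) {  # record each username once per source
            seen[src, user] = 1
            users[src] = (users[src] == "" ? user : users[src] "," user)
        }
    }
    END {
        for (s in count)
            if (count[s] >= min + 0) print s, count[s], valid[s] + 0, users[s]
    }' | sort -k2,2nr -k1,1
}

sample_log | summarize_auth_failures
```

On a live FreeBSD system the same function can read the auth log directly, for example `summarize_auth_failures 5 < /var/log/auth.log` to list only sources with at least five failures.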
 

selhan

New Member


Messages: 15

#3
Last edited by a moderator:

junovitch@

Daemon
Developer

Thanks: 609
Messages: 1,773

#4
Re: Error messages

In /etc/ssh/sshd_config, everything that is commented by default reflects the default settings. You don't need to uncomment this below because it already is disabled.
Code:
#PermitRootLogin no
Enabling SSH key-only login, however, is something you do have to enable, and it is probably a must for any box open to the Internet.
 

kusanagiyang

Member

Thanks: 2
Messages: 30

#6
Hello,
I have a noob followup question ... I saw these messages on a newly set up FreeBSD 11 box behind a commercial SOHO home router, e.g. Linksys, Dlink, etc... Does this mean my private network is compromised?? How else do they formulate such login attempts? Those source IPs are routable public IPs, and my sshd is not sitting on any public interface and there is not any forwarding with this box yet. Do I misread anything? Thanks
 

Phishfry

Son of Beastie

Thanks: 860
Messages: 2,634

#7

kusanagiyang

Member

Thanks: 2
Messages: 30

#8
Thanks for the swift reply.
I accidentally used an IP, which was DMZed a long time ago, but wasn't turned off... that is a big mystery solved ( phew )
 