Solved someone trying to login via ssh?

Hi,
Every morning my FreeBSD workstation console shows a bunch of error message. I check /var/log/auth.log. A screenshot is attached.
What seems to trigger these errors? Is someone trying to login to the workstation?

Thanks.
 

Attachments

  • screenshot.png
    screenshot.png
    241.1 KB · Views: 136
Last edited:
Looks like a script kiddy trying to break in. If you don't want or need ssh logins from the Internet, then disable them in sshd_config(5), using the ListenAddress keyword:
Code:
# We don't listen on the Internet.  These two IPs face inwards.
ListenAddress 192.168.1.251
ListenAddress 192.168.1.254
 
  • Like
Reactions: mer
From what I gather, and believe, ssh is the most attacked port/protocol. Merely having sshd running will elicit lots of these attempts.

What you see are not errors, but a log of failed attempts. So long as you have ssh running, you are likely to continue seeing these.

Use keys rather than passwords, and make sure as best, that attackers cannot guess passwords.



BTW, why are your logs in beautiful colour? Is this actually Freebsd?
 
BTW, why are your logs in beautiful colour? Is this actually Freebsd?
Probably webmin/virtualmin interface, or something similar. Judging by the bar on the left hand side of the screenshot.
 
Thanks for the replies. Looks key-based ssh and sshguard is the way to go.

I set up vim to show colorful contents, quite simple settings. The screenshot was taken on a Windows workstation on which I use Termius to log into the FreeBSD workstation and open the file using vim.
 
For next time, please don't post pictures of text. Just copy/paste the information in a [code]...[/code] block. Pictures are impossible to quote or copy from, which makes it difficult for us to respond to.
 
Back
Top