You are not logged in.

Pages: 1

#1 2012-11-14 03:58:58

Squiddles
Member
Registered: 2011-05-31
Posts: 73

Should I be worried about this?

I was just familiarizing myself with journalctl with its man page and found the '-f' option. Used it and just when I was going to stop it, this happens:

Nov 13 21:54:31 Archie sudo[5281]: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 13 21:54:31 Archie sudo[5281]: pam_unix(sudo:session): session closed for user root
Nov 13 21:57:25 Archie sshd[5606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:57:27 Archie sshd[5606]: Failed password for root from 60.174.109.132 port 6047 ssh2
Nov 13 21:57:27 Archie sshd[5606]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:29 Archie sshd[5611]: Invalid user be from 60.174.109.132
Nov 13 21:57:29 Archie sshd[5611]: input_userauth_request: invalid user be [preauth]
Nov 13 21:57:29 Archie sshd[5611]: pam_unix(sshd:auth): check pass; user unknown
Nov 13 21:57:29 Archie sshd[5611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132
Nov 13 21:57:31 Archie sshd[5611]: Failed password for invalid user be from 60.174.109.132 port 6233 ssh2
Nov 13 21:57:31 Archie sshd[5611]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:33 Archie sshd[5622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:57:34 Archie sshd[5622]: Failed password for bin from 60.174.109.132 port 6463 ssh2
Nov 13 21:57:35 Archie sshd[5622]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:36 Archie sshd[5627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:57:38 Archie sshd[5627]: Failed password for bin from 60.174.109.132 port 6646 ssh2
Nov 13 21:57:38 Archie sshd[5627]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:40 Archie sshd[5635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:57:42 Archie sshd[5635]: Failed password for bin from 60.174.109.132 port 6842 ssh2
Nov 13 21:57:42 Archie sshd[5635]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:44 Archie sshd[5643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:57:46 Archie sshd[5643]: Failed password for bin from 60.174.109.132 port 7053 ssh2
Nov 13 21:57:46 Archie sshd[5643]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:48 Archie sshd[5651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:57:50 Archie sshd[5651]: Failed password for bin from 60.174.109.132 port 7241 ssh2
Nov 13 21:57:50 Archie sshd[5651]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:52 Archie sshd[5659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:57:54 Archie sshd[5659]: Failed password for bin from 60.174.109.132 port 7454 ssh2
Nov 13 21:57:54 Archie sshd[5659]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:55 Archie sshd[5667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:57:58 Archie sshd[5667]: Failed password for bin from 60.174.109.132 port 7672 ssh2
Nov 13 21:57:58 Archie sshd[5667]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:57:59 Archie sshd[5675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:58:01 Archie sshd[5675]: Failed password for bin from 60.174.109.132 port 7876 ssh2
Nov 13 21:58:01 Archie sshd[5675]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:03 Archie sshd[5680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:58:05 Archie sshd[5680]: Failed password for bin from 60.174.109.132 port 8063 ssh2
Nov 13 21:58:05 Archie sshd[5680]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:07 Archie sshd[5688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:58:08 Archie sshd[5688]: Failed password for bin from 60.174.109.132 port 8262 ssh2
Nov 13 21:58:09 Archie sshd[5688]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:10 Archie sshd[5696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:58:12 Archie sshd[5696]: Failed password for bin from 60.174.109.132 port 8452 ssh2
Nov 13 21:58:12 Archie sshd[5696]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:14 Archie sshd[5709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:58:16 Archie sshd[5709]: Failed password for bin from 60.174.109.132 port 8625 ssh2
Nov 13 21:58:16 Archie sshd[5709]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:18 Archie sshd[5717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:58:20 Archie sshd[5717]: Failed password for bin from 60.174.109.132 port 8850 ssh2
Nov 13 21:58:20 Archie sshd[5717]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:22 Archie sshd[5725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=bin
Nov 13 21:58:23 Archie sshd[5725]: Failed password for bin from 60.174.109.132 port 9054 ssh2
Nov 13 21:58:24 Archie sshd[5725]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:25 Archie sshd[5733]: Invalid user karla from 60.174.109.132
Nov 13 21:58:25 Archie sshd[5733]: input_userauth_request: invalid user karla [preauth]
Nov 13 21:58:25 Archie sshd[5733]: pam_unix(sshd:auth): check pass; user unknown
Nov 13 21:58:25 Archie sshd[5733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132
Nov 13 21:58:27 Archie sshd[5733]: Failed password for invalid user karla from 60.174.109.132 port 9227 ssh2
Nov 13 21:58:27 Archie sshd[5733]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:29 Archie sshd[5738]: Invalid user kylix from 60.174.109.132
Nov 13 21:58:29 Archie sshd[5738]: input_userauth_request: invalid user kylix [preauth]
Nov 13 21:58:29 Archie sshd[5738]: pam_unix(sshd:auth): check pass; user unknown
Nov 13 21:58:29 Archie sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132
Nov 13 21:58:31 Archie sshd[5738]: Failed password for invalid user kylix from 60.174.109.132 port 9417 ssh2
Nov 13 21:58:31 Archie sshd[5738]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:32 Archie sshd[5746]: Invalid user mov from 60.174.109.132
Nov 13 21:58:32 Archie sshd[5746]: input_userauth_request: invalid user mov [preauth]
Nov 13 21:58:32 Archie sshd[5746]: pam_unix(sshd:auth): check pass; user unknown
Nov 13 21:58:32 Archie sshd[5746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132
Nov 13 21:58:35 Archie sshd[5746]: Failed password for invalid user mov from 60.174.109.132 port 9593 ssh2
Nov 13 21:58:35 Archie sshd[5746]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:37 Archie sshd[5757]: Invalid user richard from 60.174.109.132
Nov 13 21:58:37 Archie sshd[5757]: input_userauth_request: invalid user richard [preauth]
Nov 13 21:58:37 Archie sshd[5757]: pam_unix(sshd:auth): check pass; user unknown
Nov 13 21:58:37 Archie sshd[5757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132
Nov 13 21:58:39 Archie sshd[5757]: Failed password for invalid user richard from 60.174.109.132 port 9800 ssh2
Nov 13 21:58:39 Archie sshd[5757]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:41 Archie sshd[5765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:58:43 Archie sshd[5765]: Failed password for root from 60.174.109.132 port 10013 ssh2
Nov 13 21:58:43 Archie sshd[5765]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:44 Archie sshd[5776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:58:47 Archie sshd[5776]: Failed password for root from 60.174.109.132 port 10196 ssh2
Nov 13 21:58:47 Archie sshd[5776]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:48 Archie sshd[5784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:58:50 Archie sshd[5784]: Failed password for root from 60.174.109.132 port 10387 ssh2
Nov 13 21:58:50 Archie sshd[5784]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:52 Archie sshd[5792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:58:54 Archie sshd[5792]: Failed password for root from 60.174.109.132 port 10556 ssh2
Nov 13 21:58:54 Archie sshd[5792]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:58:56 Archie sshd[5800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:58:58 Archie sshd[5800]: Failed password for root from 60.174.109.132 port 10727 ssh2
Nov 13 21:58:58 Archie sshd[5800]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:00 Archie sshd[5808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:01 Archie sshd[5808]: Failed password for root from 60.174.109.132 port 10915 ssh2
Nov 13 21:59:02 Archie sshd[5808]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:03 Archie sshd[5816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:05 Archie sshd[5816]: Failed password for root from 60.174.109.132 port 11088 ssh2
Nov 13 21:59:05 Archie sshd[5816]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:07 Archie sshd[5824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:09 Archie sshd[5824]: Failed password for root from 60.174.109.132 port 11258 ssh2
Nov 13 21:59:09 Archie sshd[5824]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:11 Archie sshd[5829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:12 Archie sshd[5829]: Failed password for root from 60.174.109.132 port 11459 ssh2
Nov 13 21:59:13 Archie sshd[5829]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:14 Archie sshd[5837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:16 Archie sshd[5837]: Failed password for root from 60.174.109.132 port 11631 ssh2
Nov 13 21:59:17 Archie sshd[5837]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:18 Archie sshd[5845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:20 Archie sshd[5845]: Failed password for root from 60.174.109.132 port 11831 ssh2
Nov 13 21:59:21 Archie sshd[5845]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:22 Archie sshd[5853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:24 Archie sshd[5853]: Failed password for root from 60.174.109.132 port 12038 ssh2
Nov 13 21:59:24 Archie sshd[5853]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:26 Archie sshd[5861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:28 Archie sshd[5861]: Failed password for root from 60.174.109.132 port 12203 ssh2
Nov 13 21:59:28 Archie sshd[5861]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:30 Archie sshd[5869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:32 Archie sshd[5869]: Failed password for root from 60.174.109.132 port 12392 ssh2
Nov 13 21:59:32 Archie sshd[5869]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:34 Archie sshd[5877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:36 Archie sshd[5877]: Failed password for root from 60.174.109.132 port 12568 ssh2
Nov 13 21:59:36 Archie sshd[5877]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:37 Archie sshd[5885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:40 Archie sshd[5885]: Failed password for root from 60.174.109.132 port 12744 ssh2
Nov 13 21:59:40 Archie sshd[5885]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:42 Archie sshd[5894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:44 Archie sshd[5894]: Failed password for root from 60.174.109.132 port 12938 ssh2
Nov 13 21:59:44 Archie sshd[5894]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:45 Archie sshd[5902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:47 Archie sshd[5902]: Failed password for root from 60.174.109.132 port 13107 ssh2
Nov 13 21:59:47 Archie sshd[5902]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:49 Archie sshd[5912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:51 Archie sshd[5912]: Failed password for root from 60.174.109.132 port 13276 ssh2
Nov 13 21:59:51 Archie sshd[5912]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:53 Archie sshd[5920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:55 Archie sshd[5920]: Failed password for root from 60.174.109.132 port 13447 ssh2
Nov 13 21:59:55 Archie sshd[5920]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 21:59:57 Archie sshd[5925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 21:59:59 Archie sshd[5925]: Failed password for root from 60.174.109.132 port 13610 ssh2
Nov 13 21:59:59 Archie sshd[5925]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:01 Archie sshd[5933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:03 Archie sshd[5933]: Failed password for root from 60.174.109.132 port 13808 ssh2
Nov 13 22:00:03 Archie sshd[5933]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:04 Archie sshd[5941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:06 Archie sshd[5941]: Failed password for root from 60.174.109.132 port 14011 ssh2
Nov 13 22:00:06 Archie sshd[5941]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:08 Archie sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:10 Archie sshd[5949]: Failed password for root from 60.174.109.132 port 14190 ssh2
Nov 13 22:00:11 Archie sshd[5949]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:12 Archie sshd[5976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:15 Archie sshd[5976]: Failed password for root from 60.174.109.132 port 14388 ssh2
Nov 13 22:00:15 Archie sshd[5976]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:16 Archie sshd[5989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:18 Archie sshd[5989]: Failed password for root from 60.174.109.132 port 14566 ssh2
Nov 13 22:00:18 Archie sshd[5989]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:20 Archie sshd[5997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:22 Archie sshd[5997]: Failed password for root from 60.174.109.132 port 14748 ssh2
Nov 13 22:00:23 Archie sshd[5997]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:24 Archie sshd[6009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:26 Archie sshd[6009]: Failed password for root from 60.174.109.132 port 15037 ssh2
Nov 13 22:00:27 Archie sshd[6009]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:28 Archie sshd[6017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:30 Archie sshd[6017]: Failed password for root from 60.174.109.132 port 15250 ssh2
Nov 13 22:00:31 Archie sshd[6017]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:32 Archie sshd[6027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:35 Archie sshd[6027]: Failed password for root from 60.174.109.132 port 15471 ssh2
Nov 13 22:00:35 Archie sshd[6027]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:37 Archie sshd[6035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:39 Archie sshd[6035]: Failed password for root from 60.174.109.132 port 15713 ssh2
Nov 13 22:00:39 Archie sshd[6035]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:40 Archie sshd[6046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:42 Archie sshd[6046]: Failed password for root from 60.174.109.132 port 15946 ssh2
Nov 13 22:00:43 Archie sshd[6046]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:44 Archie sshd[6054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:47 Archie sshd[6054]: Failed password for root from 60.174.109.132 port 16170 ssh2
Nov 13 22:00:47 Archie sshd[6054]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:48 Archie sshd[6064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:50 Archie sshd[6064]: Failed password for root from 60.174.109.132 port 16389 ssh2
Nov 13 22:00:51 Archie sshd[6064]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:52 Archie sshd[6072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:54 Archie sshd[6072]: Failed password for root from 60.174.109.132 port 16583 ssh2
Nov 13 22:00:54 Archie sshd[6072]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:00:56 Archie sshd[6080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:00:58 Archie sshd[6080]: Failed password for root from 60.174.109.132 port 16765 ssh2
Nov 13 22:00:58 Archie sshd[6080]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:00 Archie sshd[6088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:02 Archie sshd[6088]: Failed password for root from 60.174.109.132 port 16978 ssh2
Nov 13 22:01:02 Archie sshd[6088]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:04 Archie sshd[6096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:05 Archie sshd[6096]: Failed password for root from 60.174.109.132 port 17156 ssh2
Nov 13 22:01:05 Archie sshd[6096]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:07 Archie sshd[6104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:09 Archie sshd[6104]: Failed password for root from 60.174.109.132 port 17324 ssh2
Nov 13 22:01:09 Archie sshd[6104]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:11 Archie sshd[6112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:13 Archie sshd[6112]: Failed password for root from 60.174.109.132 port 17526 ssh2
Nov 13 22:01:13 Archie sshd[6112]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:15 Archie sshd[6117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:16 Archie sshd[6117]: Failed password for root from 60.174.109.132 port 17694 ssh2
Nov 13 22:01:17 Archie sshd[6117]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:18 Archie sshd[6128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:21 Archie sshd[6128]: Failed password for root from 60.174.109.132 port 17864 ssh2
Nov 13 22:01:21 Archie sshd[6128]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:22 Archie sshd[6141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:24 Archie sshd[6141]: Failed password for root from 60.174.109.132 port 18062 ssh2
Nov 13 22:01:24 Archie sshd[6141]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:26 Archie sshd[6149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:28 Archie sshd[6149]: Failed password for root from 60.174.109.132 port 18245 ssh2
Nov 13 22:01:29 Archie sshd[6149]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:30 Archie sshd[6157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:32 Archie sshd[6157]: Failed password for root from 60.174.109.132 port 18443 ssh2
Nov 13 22:01:33 Archie sshd[6157]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:34 Archie sshd[6165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:36 Archie sshd[6165]: Failed password for root from 60.174.109.132 port 18621 ssh2
Nov 13 22:01:36 Archie sshd[6165]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:38 Archie sshd[6173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:40 Archie sshd[6173]: Failed password for root from 60.174.109.132 port 18795 ssh2
Nov 13 22:01:40 Archie sshd[6173]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:42 Archie sshd[6182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:44 Archie sshd[6182]: Failed password for root from 60.174.109.132 port 18992 ssh2
Nov 13 22:01:44 Archie sshd[6182]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:46 Archie sshd[6190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:48 Archie sshd[6190]: Failed password for root from 60.174.109.132 port 19180 ssh2
Nov 13 22:01:48 Archie sshd[6190]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:49 Archie sshd[6201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:52 Archie sshd[6201]: Failed password for root from 60.174.109.132 port 19363 ssh2
Nov 13 22:01:52 Archie sshd[6201]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:54 Archie sshd[6209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:55 Archie sshd[6209]: Failed password for root from 60.174.109.132 port 19561 ssh2
Nov 13 22:01:56 Archie sshd[6209]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:01:57 Archie sshd[6217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:01:59 Archie sshd[6217]: Failed password for root from 60.174.109.132 port 19726 ssh2
Nov 13 22:01:59 Archie sshd[6217]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:02:01 Archie sshd[6225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:02:03 Archie sshd[6225]: Failed password for root from 60.174.109.132 port 19922 ssh2
Nov 13 22:02:04 Archie sshd[6225]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]
Nov 13 22:02:05 Archie sshd[6233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.109.132  user=root
Nov 13 22:02:07 Archie sshd[6233]: Failed password for root from 60.174.109.132 port 20121 ssh2
Nov 13 22:02:07 Archie sshd[6233]: Received disconnect from 60.174.109.132: 11: Bye Bye [preauth]

It appears to be a Chinese IP. While, I am using the default port, I have 'PermitRootLogin' set to 'no' and 'Protocol' set to '2'.

This is my first time dealing with something like this, so needless to say I disabled SSH, and I'm not quite sure what to do next.

Offline

#2 2012-11-14 04:20:07

TheHebes
Member
From: New England
Registered: 2011-07-07
Posts: 138

Re: Should I be worried about this?

While it's certainly not good, it's not something that's particularly uncommon. That looks fairly similar both of my file servers (both have ssh enabled). It sounds like you've done the smart/obvious thing of disabling remote root login. At this point, I would make sure you have strong remote login credentials and would blacklist the IP with iptables.

Laptops:
MSI GS60 Ghost
Asus Zenbook Pro UX501VW
Lenovo Thinkpad X120e

Offline

#3 2012-11-14 04:23:56

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,774

Re: Should I be worried about this?

I don't know.  Are your passwords strong?

This is a very typical attack.  I see several of them per day. 

You have a few choices.
1. Use strong passwords
2. Use a program such as fail2ban to manipulate iptables to block brute force attacks
3. Use SSH Keys and disable password logins

Note:  Fail2ban currently requires that you use a conventional logging utility such as syslog-ng.  See the this article on using syslog with systemd.

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#4 2012-11-14 05:38:48

Squiddles
Member
Registered: 2011-05-31
Posts: 73

Re: Should I be worried about this?

Thank you for the responses!

I didn't know this wasn't out of the ordinary. In fact, going back through the logs, I see it happening on a couple other occasions with no access given. I feel I have a secure password, though that won't stop me from making up a better one. I'll also get right on looking at fail2ban, iptables and SSH Key use.

Is there anything my paranoid self can do to make sure nothing's compromised? Besides nuking the disk and reinstalling?

Offline

#5 2012-11-14 05:43:39

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,774

Re: Should I be worried about this?

Just make sure that access was not granted.  You can also install and use a root-kit sniffer.  Although not perfect, it may give a warm and fuzzy.

ewaller@odin:~ 1002 %pacman -Ss rootkit
extra/chkrootkit 0.49-3 [installed]
    Locally checks for signs of a rootkit
community/rkhunter 1.4.0-1
    Checks machines for the presence of rootkits and other unwanted tools.
community/unhide 20110113-3
    A forensic tool to find processes hidden by rootkits, LKMs or by other techniques.
ewaller@odin:~ 1003 %

Edit:  BTW, chkrootkit currently gives a FALSE positive with systemd:

Searching for Suckit rootkit... Warning: /sbin/init INFECTED

Last edited by ewaller (2012-11-14 05:48:26)

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#6 2012-11-14 07:14:08

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: Should I be worried about this?

More generally, asking this question now suggests you didn't really put much thought into your decision to expose your ssh service over the internet. There is copious documentation about this subject, and there's also common sense - you should use both.

Offline

#7 2012-11-14 07:14:59

Squiddles
Member
Registered: 2011-05-31
Posts: 73

Re: Should I be worried about this?

Excellent, and thanks for the heads up with systemd.

tomk wrote:

More generally, asking this question now suggests you didn't really put much thought into your decision to expose your ssh service over the internet. There is copious documentation about this subject, and there's also common sense - you should use both.

Your right, I didn't. Exposing my computer to the internet began with the 'want' to stream MPD. The SSH idea came later. I admit I didn't read a whole lot into the security as I ran with what I had already read/done to protect myself. Though I didn't expect random access attempts like this. It was dumb, but this time it's part of a learning experience.

Last edited by Squiddles (2012-11-14 07:28:37)

Offline

Pages: 1

Board footer

Powered by FluxBB