Security question
Dec 16 14:22:50 plato sshd[9546]: Failed password for root from 222.173.194.34 port 18199 ssh2
Dec 16 14:22:53 plato sshd[9548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.173.194.34 user=root
Dec 16 14:22:55 plato sshd[9548]: Failed password for root from 222.173.194.34 port 19366 ssh2
Dec 16 14:22:59 plato sshd[9550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.173.194.34 user=root
Dec 16 14:23:01 plato sshd[9550]: Failed password for root from 222.173.194.34 port 20514 ssh2
Dec 16 14:23:04 plato sshd[9552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.173.194.34 user=root
Dec 16 14:23:06 plato sshd[9552]: Failed password for root from 222.173.194.34 port 21697 ssh2
where it looks like someone is trying to access my server as the root user and failing? And it was not me trying to connect. Would this be true, and what should I do to prevent such a possibility?
6 Replies
Best way to avoid it: "PermitRootLogin no" and "PasswordAuthentication no" in /etc/ssh/sshd_config (note: set up key-based authentication first), and make sure logrotate is installed so that your logs are kept to a manageable size.
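One way to confirm that the two settings named in the reply above are really in effect, as an added example that is not part of the original thread. The function names and both sample configs are constructed for illustration; the check covers only the global section of a single file and does not follow Include directives.

```python
# Added example (not from the thread): audit sshd_config text for
# "PermitRootLogin no" and "PasswordAuthentication no".

# Values sshd uses when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}
WANTED = {"permitrootlogin": "no", "passwordauthentication": "no"}


def effective_global(config_text):
    """Return the effective global value of each audited keyword.

    sshd keeps the FIRST value it obtains for a keyword, keywords are
    case-insensitive, and lines after a Match line apply conditionally,
    so the scan stops at the first Match.
    """
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out settings have no effect
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if key in WANTED and key not in found and len(parts) == 2:
            found[key] = parts[1].strip().strip('"')
    return {k: found.get(k, DEFAULTS[k]) for k in WANTED}


def audit(config_text):
    """Return (keyword, effective, wanted) for every setting that differs."""
    eff = effective_global(config_text)
    return [(k, eff[k], WANTED[k]) for k in WANTED if eff[k].lower() != WANTED[k]]


# Constructed sample: the later "no" is ignored because "yes" came first,
# and the commented-out line leaves password logins at their default.
WEAK = "PermitRootLogin yes\n#PasswordAuthentication no\nPermitRootLogin no\n"
# Constructed sample: hardened globally; the Match block is not evaluated.
HARDENED = ("PasswordAuthentication no\npermitrootlogin no\n"
            "Match Address 10.0.0.0/8\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including included files.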
I do still use root, and I heard it is not good. Now I see why. How do I create some other user that has all the access, and how do I create a key and use it with PuTTY? I am a noob here, so please give me some short instructions or recommendations. Has Linode got some tutorial on this?
p.s.
I see IP trying to break in some China web
This page is probably what you're after:
/ˈnôrməl/
Adjective
Conforming to a standard;
Noun
The usual, average, or typical state or condition.
Synonyms
adjective. regular - standard - ordinary - common - usual
noun. normality - normalcy - perpendicular
If you wanted to treat it as a crime, you'd spend the rest of your life trying to investigate and file charges against the millions of such requests your server will get.