[Techtalk] 216 ssh login attempts, what to do?

Colleen Hatfield evilpig at gmail.com
Tue Oct 12 21:54:07 EST 2004

On Tue, 12 Oct 2004 19:39:27 -0700, Raquel Rice <raquel at thericehouse.net> wrote:
> My SSH runs on port 22 also.  The attempts are found in auth.log.  I
> assume "whoever" is trying to find something open?  Some weakness?

Is it possible that what you're seeing in your auth.log is the source
port rather than the destination port?  That could explain the
random/high port numbers.

A sampling from my auth.log:
sshd[21516]: Failed password for root from port 52662 ssh2
sshd[21518]: Failed password for root from port 54573 ssh2
sshd[21542]: Failed password for www-data from port 37127 ssh2
sshd[21546]: Failed password for operator from port 39448 ssh2
sshd[21552]: Failed password for irc from port 42665 ssh2
sshd[21554]: Failed password for irc from port 44427 ssh2

Is that what you're referring to, or something else entirely?  If your
sshd is only listening on port 22, it would be really odd for sshd to
be logging anything incoming on any other port.

Sorry if I'm missing something obvious here.

- Colleen

More information about the Techtalk mailing list