ssh login failures

tally of ssh login failures

SEAN K.H. LIAO

login fail

So I have/had a server with a public address, and of course people try to log in.

With SSH key only login + no root login, I didn't run fail2ban, because why would you need it?

Jun 03 16:11:20 nevers sshd[1418181]: pam_tally2(sshd:auth): Tally overflowed for user root

Ah yes, overflows only took 5 months. And they clutter up the journal anyways.

time period

6 months, from clean install

head /var/log/pacman.log:

[2020-01-07 09:18] [PACMAN] Running 'pacman -r /mnt -Sy --cachedir=/mnt/var/cache/pacman/pkg --noconfirm base base-devel linux linux-firmware intel-ucode zsh git docker sudo go go-tools htop man-db man-pages neovim python python-neovim prettier reflector exa ripgrep aria2 opemssh zsh-completions kitty-terminfo'
[2020-01-07 09:18] [PACMAN] synchronizing package lists
[2020-01-07 09:18] [PACMAN] Running 'pacman -r /mnt -Sy --cachedir=/mnt/var/cache/pacman/pkg --noconfirm base base-devel linux linux-firmware intel-ucode zsh git docker sudo go go-tools htop man-db man-pages neovim python python-neovim prettier reflector exa ripgrep aria2 openssh zsh-completions kitty-terminfo'
[2020-01-07 09:18] [PACMAN] synchronizing package lists
[2020-01-07 09:21] [ALPM] transaction started
...

pam tally

which users do people/bots try?

pam_tally2 --reset:

Login           Failures Latest failure     From
root            65534    06/21/20 13:28:30  54.37.68.66
bin              1003    06/21/20 12:13:08  117.50.77.220
daemon          14205    06/21/20 04:41:31  14.18.61.73
mail            14322    06/21/20 10:57:08  139.213.220.70
ftp              4321    06/21/20 12:41:24  27.34.251.60
http              169    06/14/20 07:59:06  198.46.242.223
uuidd              31    05/15/20 20:59:46  182.61.108.39
dbus              109    06/11/20 02:08:55  54.38.158.17
ntp                42    05/27/20 06:48:57  195.231.1.153
polkitd            58    05/30/20 22:35:46  178.128.13.87
grafana           107    06/20/20 17:26:02  106.13.147.89
prometheus        145    06/21/20 12:39:08  83.17.166.241
znc                60    06/21/20 01:56:39  103.1.179.94
dhcp               16    06/09/20 00:54:43  61.154.14.234
mysql            3858    06/21/20 13:02:41  61.111.32.137
cacti             350    06/21/20 13:01:34  46.164.143.82
colord             50    06/20/20 10:56:08  59.63.212.100
avahi              72    06/13/20 15:44:31  49.233.88.126
git              7746    06/21/20 13:28:26  182.74.25.246
systemd-network    12    05/16/20 22:53:50  78.118.109.44
gerrit             56    06/20/20 19:56:08  1.71.140.71
nobody           2851    06/21/20 11:17:43  148.70.35.211
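
To read a listing like the one above, this added Python example (not code from the original post) ranks logins by failure count, marks counters that have stopped counting, and lists logins that are no longer being tried. Assumptions: 65534 is treated as the saturated value because that is where root sits after the "Tally overflowed" journal line; the function names and the 30-day threshold are made up for illustration.

```python
import sys
from datetime import datetime

# Assumption drawn from the page: root stopped at 65534 once the journal
# logged "Tally overflowed", so a counter at that value is a floor, not a count.
SATURATED = 65534

# Constructed sample: four rows copied from the pam_tally2 output above.
SAMPLE = """\
Login           Failures Latest failure     From
root            65534    06/21/20 13:28:30  54.37.68.66
daemon          14205    06/21/20 04:41:31  14.18.61.73
uuidd              31    05/15/20 20:59:46  182.61.108.39
git              7746    06/21/20 13:28:26  182.74.25.246
"""

def parse_tally(text):
    """Turn pam_tally2 listing text into a list of dicts, one per login."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the header, blanks and rows that lack any of the five columns.
        if len(parts) != 5 or not parts[1].isdigit():
            continue
        login, failures, date, clock, source = parts
        rows.append({
            "login": login, "failures": int(failures),
            "latest": datetime.strptime(f"{date} {clock}", "%m/%d/%y %H:%M:%S"),
            "from": source,
            "saturated": int(failures) >= SATURATED,
        })
    return rows

def rank(rows):
    return sorted(rows, key=lambda r: r["failures"], reverse=True)

def stale(rows, days=30):
    """Logins not tried within `days` of the newest failure in the listing."""
    newest = max(r["latest"] for r in rows)
    return [r["login"] for r in rows if (newest - r["latest"]).days > days]

def report(rows):
    """One line per login, most-tried first; '>=' marks a saturated counter."""
    return [f"{r['login']:<16}{'>=' if r['saturated'] else '  '}"
            f"{r['failures']:>6}  last {r['latest']:%Y-%m-%d}" for r in rank(rows)]

if __name__ == "__main__":
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    print("\n".join(report(parse_tally(text))))
```

Run it with "-" as the only argument to read real pam_tally2 output from stdin instead of the embedded sample.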