Just wondering if anyone can tell me why it might appear my router is attempting to log into my desktop repeatedly? Could it be something more sinister?
Forgot to tell you the obvious: to also check your router's access logs ;-p If its logs are clean, or if it isn't the type of router that would allow one to telnet or SSH (or whatever other method) into and SSH to your machine anyway, then your jail.conf settings should have the router's IP in the "ignoreip" directive. I wonder though what you modified because jail.conf only lists /var/log/secure for the ssh-iptables jail and filter.d/sshd.conf only looks at SSH daemon messages and for a few "failregex"es...
Though have to say I'm a little confused: I used Sparkleshare, which is what the user 'storage' is used for, but certainly my crappy router does not use that. 'Storage' also has failed logins.
Code:
Jan 6 09:47:33 desktop sshd[27851]: Set /proc/self/oom_score_adj to 0
Jan 6 09:47:33 desktop sshd[27851]: Connection from 192.168.0.1 port 51306
Jan 6 09:47:33 desktop sshd[27851]: Found matching RSA key:
Jan 6 09:47:33 desktop sshd[27851]: Postponed publickey for storage from 192.168.0.1 port 51306 ssh2 [preauth]
Jan 6 09:47:33 desktop sshd[27851]: Found matching RSA key:
Jan 6 09:47:33 desktop sshd[27851]: Accepted publickey for storage from 192.168.0.1 port 51306 ssh2
Jan 6 09:47:33 desktop sshd[27851]: User child is on pid 27853
Jan 6 09:47:33 desktop sshd[27853]: Connection closed by 192.168.0.1
Jan 6 09:47:33 desktop sshd[27853]: Transferred: sent 2648, received 2760 bytes
Jan 6 09:47:33 desktop sshd[27853]: Closing connection to 192.168.0.1 port 51306
Well, you could get the same entries by doing LAN machine -> external address -> router NAT -> other LAN machine. If you know exactly which SSH accounts are allowed and if they all use pubkey auth you could add your router's IP to jail.conf.
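The condition in the last reply (known accounts, all using pubkey auth) can be checked against the sshd log before the router's address goes into `ignoreip`. This is an added example, not part of the thread: the function names, the allowed-account set and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Matches sshd auth results such as
# "Accepted publickey for storage from 192.168.0.1 port 51306 ssh2"
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def gateway_auth_summary(lines, gateway_ip):
    """Count (result, method, user) for auth events whose source is gateway_ip."""
    counts = Counter()
    for line in lines:
        m = AUTH_RE.search(line)
        if m and m["ip"] == gateway_ip:
            user = f"invalid:{m['user']}" if m["invalid"] else m["user"]
            counts[(m["result"], m["method"], user)] += 1
    return counts

def ignoreip_objections(counts, allowed_users):
    """Reasons not to whitelist the gateway; an empty list means none were found."""
    reasons = []
    for (result, method, user), n in sorted(counts.items()):
        if user not in allowed_users:
            reasons.append(f"{n}x {result} {method} for unexpected account {user}")
        elif method != "publickey":
            reasons.append(f"{n}x {result} {method} for {user}: not pubkey auth")
    return reasons

# First line is from the thread; the other three are constructed sample data.
SAMPLE = [
    "Jan 6 09:47:33 desktop sshd[27851]: Accepted publickey for storage from 192.168.0.1 port 51306 ssh2",
    "Jan 6 09:52:10 desktop sshd[27902]: Failed password for storage from 192.168.0.1 port 51412 ssh2",
    "Jan 6 09:52:14 desktop sshd[27905]: Failed password for invalid user admin from 192.168.0.1 port 51420 ssh2",
    "Jan 6 09:53:00 desktop sshd[27910]: Accepted publickey for storage from 192.168.0.20 port 40022 ssh2",
]

if __name__ == "__main__":
    counts = gateway_auth_summary(SAMPLE, "192.168.0.1")
    for reason in ignoreip_objections(counts, allowed_users={"storage"}):  # assumed account list
        print("do not add to ignoreip:", reason)
```

Any connection the router source-NATs is logged under the router's address, so an `ignoreip` entry for it exempts all of that traffic from banning.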