LinuxQuestions.org
Old 02-24-2017, 09:37 PM   #1
luofeiyu
Member
 
Registered: Aug 2015
Posts: 237

Rep: Reputation: Disabled
How to explain the log info, and where is the sshd log file?


I entered journalctl after logging in to my VPS.

journalctl _COMM=sshd -f

Feb 16 06:34:40 localhost sshd[324]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 38876
Feb 16 06:34:40 localhost sshd[325]: Did not receive identification string from 23.252.100.22
Feb 16 07:34:40 localhost sshd[326]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 40602
Feb 16 07:34:40 localhost sshd[327]: Did not receive identification string from 23.252.100.22
Feb 16 08:34:40 localhost sshd[328]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 38298
Feb 16 08:34:40 localhost sshd[329]: Did not receive identification string from 23.252.100.22
Feb 16 09:34:41 localhost sshd[348]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 42132
Feb 16 09:34:41 localhost sshd[349]: Did not receive identification string from 23.252.100.22
Feb 16 10:34:39 localhost sshd[350]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 60988
Feb 16 10:34:39 localhost sshd[351]: Did not receive identification string from 23.252.100.22
Feb 16 11:34:40 localhost sshd[352]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 33850
Feb 16 11:34:40 localhost sshd[353]: Did not receive identification string from 23.252.100.22
Feb 16 12:34:39 localhost sshd[354]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 44998
Feb 16 12:34:39 localhost sshd[355]: Did not receive identification string from 23.252.100.22
Feb 16 13:34:38 localhost sshd[356]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 52632
Feb 16 13:34:38 localhost sshd[357]: Did not receive identification string from 23.252.100.22
Feb 16 14:34:41 localhost sshd[358]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 43864
Feb 16 14:34:41 localhost sshd[359]: Did not receive identification string from 23.252.100.22
Feb 16 15:34:40 localhost sshd[360]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 53402
Feb 16 15:34:40 localhost sshd[361]: Did not receive identification string from 23.252.100.22

Does the log mean that 23.252.100.22 (not my IP and not my VPS IP) is trying to crack my VPS key?

Where is the file containing such log info?
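
An added example, not part of the original post: a Python sketch that parses the two sshd message types shown above, groups them by source address, and reports whether the "identification string" the client sent was really an HTTP request, plus the interval between connections. sshd logs these messages during the banner exchange, before any key exchange or authentication. The sample lines are copied from the log above; the function name and the year 2017 (taken from the post date, since syslog timestamps omit it) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample lines copied from the journalctl output in the post above.
SAMPLE = """\
Feb 16 06:34:40 localhost sshd[324]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 38876
Feb 16 06:34:40 localhost sshd[325]: Did not receive identification string from 23.252.100.22
Feb 16 07:34:40 localhost sshd[326]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 40602
Feb 16 07:34:40 localhost sshd[327]: Did not receive identification string from 23.252.100.22
Feb 16 08:34:40 localhost sshd[328]: Bad protocol version identification 'GET / HTTP/1.0' from 23.252.100.22 port 38298
"""

# Syslog prefix, then the two pre-authentication messages seen in the thread.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (.*)$")
BAD_BANNER = re.compile(r"^Bad protocol version identification '(.*)' from (\S+)")
NO_BANNER = re.compile(r"^Did not receive identification string from (\S+)")
HTTP_REQUEST = re.compile(r"^(GET|HEAD|POST|OPTIONS|CONNECT) \S+ HTTP/\d")

def summarize(text, year=2017):
    """Group banner-stage failures by source address."""
    hosts = defaultdict(lambda: {"banners": set(), "no_banner": 0, "times": []})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd line in the expected syslog format
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        bad = BAD_BANNER.match(m.group(2))
        none = NO_BANNER.match(m.group(2))
        if bad:
            hosts[bad.group(2)]["banners"].add(bad.group(1))
            hosts[bad.group(2)]["times"].append(when)
        elif none:
            hosts[none.group(1)]["no_banner"] += 1
    report = {}
    for ip, h in hosts.items():
        t = sorted(h["times"])
        report[ip] = {
            # True when the client spoke HTTP to the SSH port
            "http_to_ssh_port": any(HTTP_REQUEST.match(s) for s in h["banners"]),
            "no_banner": h["no_banner"],
            "gaps_seconds": [int((y - x).total_seconds()) for x, y in zip(t, t[1:])],
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Failed password or key attempts produce different sshd messages and are not matched by these patterns, so an address that appears only in this report never got as far as authentication.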
 
Old 02-25-2017, 07:20 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
I'd take HTTP and run with it.

IF it were me.

IDK journalctl worth a damn.

and as for 23.252.100.22, never like "him".
 
Old 02-25-2017, 03:07 PM   #3
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
You didn't say your distro. On CentOS/RHEL it'll go to /var/log/secure due to the following settings:

/etc/ssh/sshd_config

Code:
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

/etc/rsyslog.conf

Code:
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
 
Old 02-25-2017, 08:17 PM   #4
luofeiyu
Member
 
Registered: Aug 2015
Posts: 237

Original Poster
Rep: Reputation: Disabled
OS: Debian 8.4
cat /etc/rsyslog.conf
auth,authpriv.* -/var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog


cat /var/log/auth.log
nothing as output
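
An added example, not part of the original posts: a Python sketch of the chain described in posts #3 and #4, from the `SyslogFacility` setting in sshd_config to the rsyslog rule that selects a file. The inputs are the configuration lines quoted in those posts; the function names are assumptions, and only the `*`, `none` and "this level and higher" selector forms are handled (not `=` or `!`).

```python
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed inputs: the configuration lines quoted in the posts above.
SSHD_CONFIG = "#SyslogFacility AUTH\nSyslogFacility AUTHPRIV\n#LogLevel INFO\n"
CENTOS_RULES = "# The authpriv file has restricted access.\nauthpriv.*    /var/log/secure\n"
DEBIAN_RULES = ("auth,authpriv.* -/var/log/auth.log\n"
                "*.*;auth,authpriv.none -/var/log/syslog\n")

def sshd_facility(conf):
    """Return the syslog facility sshd logs to (OpenSSH default: AUTH)."""
    for line in conf.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0].lower() == "syslogfacility":
            return words[1].lower()
    return "auth"

def selector_matches(selector, facility, priority):
    """Classic facility.priority matching for '*', 'none' and plain levels."""
    matched = False
    for part in selector.split(";"):  # later parts override earlier ones
        facs, _, level = part.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if level == "none":
            matched = False
        elif level == "*":
            matched = True
        else:  # a plain level means "this level and higher"
            matched = PRIORITIES.index(priority) >= PRIORITIES.index(level)
    return matched

def destinations(rules, facility, priority="info"):
    """List the files whose rule selects a message of this facility/priority."""
    files = []
    for line in rules.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith(("#", "$")):
            continue  # blank line, comment or directive
        if selector_matches(parts[0], facility, priority):
            files.append(parts[1].lstrip("-"))  # leading '-' = no sync after write
    return files

if __name__ == "__main__":
    fac = sshd_facility(SSHD_CONFIG)
    print(fac, destinations(CENTOS_RULES, fac), destinations(DEBIAN_RULES, fac))
```

When the rule selects a file but the file is empty, the rule is not the problem; check whether rsyslog is running and receiving sshd's messages, since journalctl reads the systemd journal directly.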
 
  

