1

This log is part of /var/log/secure :

enter image description here

Improve this question
3
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking.
    – Community Bot
    Commented Apr 14, 2023 at 12:19
  • 1
    Your server is publicly accessible, has an ssh server on it and someone on the Internet is rubbing common usernames and passwords against it. This is basically how the internet works now.
    – Mokubai
    Commented Apr 14, 2023 at 12:24
  • Please do not upload images of code/data/errors. Copy&paste the log file snippet as text. Do you need the server to be reachable from the internet? I suggest to disable password based authentication and allow public keys only.
    – Bodo
    Commented Apr 14, 2023 at 12:26

2 Answers 2

Reset to default
1

You're being attacked by hackers or (more likely) bots.

Ensure that your password is long and complicated, so cannot be broken by brute force.

Improve this answer
3
  • It gives me the creeps. Thanks a lot!
    – Andrew Law
    Commented Apr 14, 2023 at 12:32
  • The most important suggestion: disable password authentication and only allow key authentication. Be sure to use a large enough key.
    – Ramhound
    Commented Apr 14, 2023 at 13:10
  • Everyone on the internet is being attacked by zombie computers. It's a fact of life today.
    – harrymc
    Commented Apr 14, 2023 at 15:06
-1

Any server connected to the internet will suffer this. In addition to the long password mentioned elsewhere, consider using ssh keys and disabling password authentication, and root login with password or entirely. Just as with a normal password make sure the password/phrase on your ssh key is kept long and secure.

Improve this answer

Not the answer you're looking for? Browse other questions tagged .