Hallo Community,
ich weiß nicht was ich davon halten soll. Aber ich fange einfach mal von vorne an. Also ich wollte die log bei Kubuntu sehen und habe im Netz folgenden gefunden. Ob der richtig ist oder nicht, ist eigentlich auch egal. nach dem ich folgenden Befehl in die Konsole eingegeben habe kam folgendes raus.
journalctl -f
Mär 15 16:45:38 Workstation sshd[615]: Failed password for root from 36.156.24.95 port 52848 ssh2 Mär 15 16:45:40 Workstation sshd[613]: Failed password for root from 125.65.42.192 port 44362 ssh2 Mär 15 16:45:40 Workstation sshd[594]: Failed password for root from 61.184.247.4 port 56028 ssh2 Mär 15 16:45:40 Workstation sshd[594]: Received disconnect from 61.184.247.4 port 56028:11: [preauth] Mär 15 16:45:40 Workstation sshd[594]: Disconnected from authenticating user root 61.184.247.4 port 56028 [preauth] Mär 15 16:45:40 Workstation sshd[594]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.184.247.4 user=root Mär 15 16:45:40 Workstation sshd[594]: PAM service(sshd) ignoring max retries; 4 > 3 Mär 15 16:45:40 Workstation sshd[635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.139.210 user=root Mär 15 16:45:41 Workstation sshd[610]: Connection closed by 223.111.139.244 port 38132 [preauth] Mär 15 16:45:41 Workstation sshd[615]: Failed password for root from 36.156.24.95 port 52848 ssh2 Mär 15 16:45:41 Workstation sshd[615]: Connection reset by authenticating user root 36.156.24.95 port 52848 [preauth] Mär 15 16:45:41 Workstation sshd[615]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.156.24.95 user=root Mär 15 16:45:42 Workstation sshd[613]: Failed password for root from 125.65.42.192 port 44362 ssh2 Mär 15 16:45:43 Workstation sshd[613]: Received disconnect from 125.65.42.192 port 44362:11: [preauth] Mär 15 16:45:43 Workstation sshd[613]: Disconnected from authenticating user root 125.65.42.192 port 44362 [preauth] Mär 15 16:45:43 Workstation sshd[613]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:45:43 Workstation sshd[613]: PAM service(sshd) ignoring max retries; 4 > 3 Mär 15 16:45:45 Workstation sshd[640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:45:46 Workstation sshd[638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.139.244 user=root Mär 15 16:45:46 Workstation sshd[635]: Failed password for root from 223.111.139.210 port 44960 ssh2 Mär 15 16:45:49 Workstation sshd[661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:45:49 Workstation sshd[645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.156.24.95 user=root Mär 15 16:45:50 Workstation sshd[640]: Failed password for root from 125.65.42.192 port 56916 ssh2 Mär 15 16:45:50 Workstation sshd[638]: Failed password for root from 223.111.139.244 port 39540 ssh2 Mär 15 16:45:51 Workstation sshd[640]: Failed password for root from 125.65.42.192 port 56916 ssh2 Mär 15 16:45:52 Workstation sshd[638]: Failed password for root from 223.111.139.244 port 39540 ssh2 Mär 15 16:45:53 Workstation sshd[635]: Received disconnect from 223.111.139.210 port 44960:11: [preauth] Mär 15 16:45:53 Workstation sshd[635]: Disconnected from authenticating user root 223.111.139.210 port 44960 [preauth] Mär 15 16:45:53 Workstation sshd[635]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.139.210 user=root Mär 15 16:45:53 Workstation sshd[661]: Failed password for root from 125.65.42.192 port 38073 ssh2 Mär 15 16:45:54 Workstation sshd[640]: Failed password for root from 125.65.42.192 port 56916 ssh2 Mär 15 16:45:54 Workstation sshd[640]: Received disconnect from 125.65.42.192 port 56916:11: [preauth] Mär 15 16:45:54 Workstation sshd[640]: Disconnected from authenticating user root 125.65.42.192 port 56916 [preauth] Mär 15 16:45:54 Workstation sshd[640]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:45:54 Workstation sshd[640]: PAM service(sshd) ignoring max retries; 4 > 3 Mär 15 16:45:55 Workstation sshd[638]: Failed password for root from 223.111.139.244 port 39540 ssh2 Mär 15 16:45:55 Workstation sshd[638]: Received disconnect from 223.111.139.244 port 39540:11: [preauth] Mär 15 16:45:55 Workstation sshd[638]: Disconnected from authenticating user root 223.111.139.244 port 39540 [preauth] Mär 15 16:45:55 Workstation sshd[638]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.139.244 user=root Mär 15 16:45:55 Workstation sshd[638]: PAM service(sshd) ignoring max retries; 4 > 3 Mär 15 16:45:56 Workstation sshd[661]: Failed password for root from 125.65.42.192 port 38073 ssh2 Mär 15 16:45:57 Workstation sshd[669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:45:58 Workstation sshd[672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.139.244 user=root Mär 15 16:45:58 Workstation sshd[661]: Failed password for root from 125.65.42.192 port 38073 ssh2 Mär 15 16:45:59 Workstation sshd[661]: Received disconnect from 125.65.42.192 port 38073:11: [preauth] Mär 15 16:45:59 Workstation sshd[661]: Disconnected from authenticating user root 125.65.42.192 port 38073 [preauth] Mär 15 16:45:59 Workstation sshd[661]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:45:59 Workstation sshd[661]: PAM service(sshd) ignoring max retries; 4 > 3 Mär 15 16:45:59 Workstation sshd[666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.139.210 user=root Mär 15 16:45:59 Workstation sshd[645]: Connection reset by authenticating user root 36.156.24.95 port 34327 [preauth] Mär 15 16:46:01 Workstation sshd[688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:46:02 Workstation sshd[669]: Failed password for root from 125.65.42.192 port 39731 ssh2 Mär 15 16:46:02 Workstation sshd[672]: Failed password for root from 223.111.139.244 port 44104 ssh2 Mär 15 16:46:03 Workstation sshd[666]: Failed password for root from 223.111.139.210 port 60275 ssh2 Mär 15 16:46:04 Workstation sshd[669]: Failed password for root from 125.65.42.192 port 39731 ssh2 Mär 15 16:46:06 Workstation sshd[688]: Failed password for root from 125.65.42.192 port 52975 ssh2 Mär 15 16:46:06 Workstation sshd[666]: Failed password for root from 223.111.139.210 port 60275 ssh2 Mär 15 16:46:07 Workstation sshd[669]: Failed password for root from 125.65.42.192 port 39731 ssh2 Mär 15 16:46:07 Workstation sshd[669]: Received disconnect from 125.65.42.192 port 39731:11: [preauth] Mär 15 16:46:07 Workstation sshd[669]: Disconnected from authenticating user root 125.65.42.192 port 39731 [preauth] Mär 15 16:46:07 Workstation sshd[669]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:46:07 Workstation sshd[669]: PAM service(sshd) ignoring max retries; 4 > 3 Mär 15 16:46:08 Workstation sshd[688]: Failed password for root from 125.65.42.192 port 52975 ssh2 Mär 15 16:46:09 Workstation sshd[666]: Failed password for root from 223.111.139.210 port 60275 ssh2 Mär 15 16:46:10 Workstation sshd[666]: Received disconnect from 223.111.139.210 port 60275:11: [preauth] Mär 15 16:46:10 Workstation sshd[666]: Disconnected from authenticating user root 223.111.139.210 port 60275 [preauth] Mär 15 16:46:10 Workstation sshd[666]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.139.210 user=root Mär 15 16:46:10 Workstation sshd[666]: PAM service(sshd) ignoring max retries; 4 > 3 Mär 15 16:46:10 Workstation sshd[672]: Received disconnect from 223.111.139.244 port 44104:11: [preauth] Mär 15 16:46:10 Workstation sshd[672]: Disconnected from authenticating user root 223.111.139.244 port 44104 [preauth] Mär 15 16:46:10 Workstation sshd[672]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.139.244 user=root Mär 15 16:46:10 Workstation sshd[688]: Failed password for root from 125.65.42.192 port 52975 ssh2 Mär 15 16:46:11 Workstation sshd[688]: Received disconnect from 125.65.42.192 port 52975:11: [preauth] Mär 15 16:46:11 Workstation sshd[688]: Disconnected from authenticating user root 125.65.42.192 port 52975 [preauth] Mär 15 16:46:11 Workstation sshd[688]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.65.42.192 user=root Mär 15 16:46:11 Workstation sshd[688]: PAM service(sshd) ignoring max retries; 4 > 3 Mär 15 16:47:10 Workstation dbus-daemon[1261]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=3757 comm="/usr/lib/firefox/firefox --sm-client-id 1013315214" label="unconfined") Mär 15 16:47:10 Workstation systemd[1]: Starting Hostname Service... Mär 15 16:47:10 Workstation dbus-daemon[1261]: [system] Successfully activated service 'org.freedesktop.hostname1' Mär 15 16:47:10 Workstation systemd[1]: Started Hostname Service. Mär 15 16:48:27 Workstation sshd[13899]: pam_unix(sshd:session): session closed for user root Mär 15 16:48:27 Workstation systemd-logind[1235]: Removed session 8. Mär 15 16:48:27 Workstation systemd[1]: Stopping User Manager for UID 0... Mär 15 16:48:27 Workstation systemd[13901]: Stopped target Default. Mär 15 16:48:27 Workstation systemd[13901]: Stopped target Basic System. Mär 15 16:48:27 Workstation systemd[13901]: Stopped target Paths. Mär 15 16:48:27 Workstation systemd[13901]: Stopped target Timers. Mär 15 16:48:27 Workstation systemd[13901]: Stopped target Sockets. Mär 15 16:48:27 Workstation systemd[13901]: Closed D-Bus User Message Bus Socket. Mär 15 16:48:27 Workstation systemd[13901]: Closed GnuPG cryptographic agent (ssh-agent emulation). Mär 15 16:48:27 Workstation systemd[13901]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers). Mär 15 16:48:27 Workstation systemd[13901]: Closed GnuPG cryptographic agent and passphrase cache. Mär 15 16:48:27 Workstation systemd[13901]: Closed GnuPG cryptographic agent and passphrase cache (restricted). Mär 15 16:48:27 Workstation systemd[13901]: Closed GnuPG network certificate management daemon.
Und man sieht ganz klar das 125.65.42.192, 223.111.139.244 versuchen per ssh2 auf meinen Rechner zu kommen. Als ich den Port geschlossen habe sind auch die Meldungen nicht mehr gekommen. Jedoch wenn man bei www.utrace.de mal zurück verfolgt bekomme ich eine China Telecom Sichuan Region: Chengdu (CN), ist das jetzt einer aus China??? Weil der SSH Port ist nur für mein Mobiltelefon gedacht. Da ist kein weiteres Gerät das ankommen soll. Noch dazu aus CHINA?
Was meint ihr soll ich das ignorieren. Oder Port zu machen, Passwörter ändern und auf VPN zugreifen.
Grüß aus München, nicht China.