centos 7 vultr vps login attempts
Hey, I reinstalled the OS on my VPS. After that, when I log in via PuTTY, I am getting this message:
Last failed login: Tue Oct 6 19:53:28 UTC 2020 from ip114.ip-51-254-156.eu on ssh:notty
There were 11 failed login attempts since the last successful login.
I don't know what it is, and if it's bad, how do I stop it?
Comments
These hits were received when Vultr created the template. This did not necessarily happen inside your VM...
Hey man, thanks for the super fast reply. I am freaking out about this. Is it okay and safe?
FYI - Vultr has an external firewall in their control panel. I would suggest setting port 22 to only allow the IPs you do work from. That is a quick painless thing to do. Next, you can change the SSH port to another port. There are instructions all over the internet on how to do this. Additionally you can set up your VPS to use keys only.
However the firewall is simple to do as a quick starting point.
Basically someone is trying to log in to your vps. Could be a robot that just checks port 22 everywhere or perhaps the former user of the ip was a target.
As long as they are failed attempts it's all good ;)
In all seriousness, the whole IPv4 space gets probed for services like SSH and if a bot sees port 22 open it will try to take over the machine. It's pretty normal to see those messages.
Maybe consider changing the SSH Port, install Fail2ban to block IPs after x login attempts and try to use SSH with public-key authentication instead of plain passwords to keep your VM secure.
Thanks man, I changed the port 22
Changing the port is still not a fix, you will most likely still get failed login attempts.
To protect SSH you should do the following
Don't forget to set PermitRootLogin to no (or at least prohibit-password) in /etc/ssh/sshd_config
Then use a non-privileged account to SSH in, escalate to root only when necessary
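The replies above recommend key-only logins and PermitRootLogin set to no or prohibit-password. As an added example (not code from the thread), this Python sketch checks sshd_config text for both settings, applying sshd's rule that the first value given for a keyword is the one used; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): "PermitRootLogin no" was appended
# at the end, but an earlier line already set the keyword.
SAMPLE = """\
Port 2222
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
permitrootlogin no
Match User backup
    PasswordAuthentication no
"""

# Values the thread's advice accepts for each keyword (lower-cased).
WANTED = {
    "permitrootlogin": {"no", "prohibit-password"},
    "passwordauthentication": {"no"},
}

def effective_globals(text):
    """Global settings as sshd reads them: the first value per keyword wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments set nothing
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # settings below apply only to matching connections
        seen.setdefault(key, value)  # later duplicates are ignored
    return seen

def audit(text):
    """Return {keyword: (effective value or None, passes?)} for WANTED keys."""
    conf = effective_globals(text)
    report = {}
    for key, good in WANTED.items():
        value = conf.get(key)  # None: not set, so the build default applies
        report[key] = (value, value is not None and value.lower() in good)
    return report

if __name__ == "__main__":
    for key, (value, ok) in audit(SAMPLE).items():
        print(f"{key}: {value or 'unset'} -> {'ok' if ok else 'REVIEW'}")
```

On a live host, `sshd -T` prints the effective configuration including defaults, which is the authoritative check after editing the file and reloading sshd.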
My IDS logs indicate 100k+ invalid login attempts on a weekly basis. You don't have to lose a moment's sleep over any of it, as long as services and ports are configured properly, with strict policies for handling blacklisting of offending IPs, subnets and ASNs, if required.
thanks, guys, I will follow up on the suggested fixes