On 8/6/07, Chris G cl@isbd.net wrote:
I have suddenly started getting lots of messages like the following in my /var/log/messages:-
Aug 5 06:59:01 home sshd[7886]: Connection from 193.128.168.195 port 63433
Aug 5 07:14:02 home sshd[7890]: Connection from 193.128.168.195 port 63995
Aug 5 07:29:01 home sshd[7893]: Connection from 193.128.168.195 port 64515
Aug 5 07:44:01 home sshd[2451]: Generating new 768 bit RSA key.
Aug 5 07:44:01 home sshd[2451]: RSA key generation complete.
Aug 5 07:44:02 home sshd[7897]: Connection from 193.128.168.195 port 65110
I can't see any other activity as a result, no attempted logins or odd processes running. Should I be worried? The IP address 193.128.168.195 seems to be unidentified.
whois 193.128.168.195 suggests "AP Solve Limited".
I get the occasional login attempt from other places but these are fairly obvious and my passwords are close to unguessable so they don't worry me too much.
For another layer of security I use sshblack: http://www.pettingers.org/code/sshblack.html
I installed it after getting sick of hearing the hard disk recording every login attempt. After 'n' guesses the IP address is blocked (with iptables) for a few days. There is a white list too, just in case you want regular remote access from an IP address someone else could cause to block.
Regards, Tim.
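
One way to check the pattern in the log excerpt quoted above, as an added example that is not part of the original thread: it groups sshd "Connection from" lines by source address, measures the gaps between connections, and counts any further lines logged by the same sshd child process. The 5-second jitter threshold, the function name and the report field names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Log lines as quoted in the message above (syslog omits the year; 2007 is
# taken from the message date).
SAMPLE = """\
Aug 5 06:59:01 home sshd[7886]: Connection from 193.128.168.195 port 63433
Aug 5 07:14:02 home sshd[7890]: Connection from 193.128.168.195 port 63995
Aug 5 07:29:01 home sshd[7893]: Connection from 193.128.168.195 port 64515
Aug 5 07:44:01 home sshd[2451]: Generating new 768 bit RSA key.
Aug 5 07:44:01 home sshd[2451]: RSA key generation complete.
Aug 5 07:44:02 home sshd[7897]: Connection from 193.128.168.195 port 65110
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
CONN = re.compile(r"^Connection from (\S+) port \d+")

def summarize(log_text, year=2007, max_jitter=5.0):
    """Group sshd 'Connection from' events by source and flag periodic ones."""
    times = defaultdict(list)   # source ip -> connection timestamps
    pid_ip = {}                 # sshd child pid -> source ip
    followups = defaultdict(int)  # source ip -> later lines from that child
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        c = CONN.match(msg)
        if c:
            times[c.group(1)].append(ts)
            pid_ip[pid] = c.group(1)
        elif pid in pid_ip:     # auth failure, disconnect, etc. from same child
            followups[pid_ip[pid]] += 1
    report = {}
    for ip, stamps in times.items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        periodic = len(gaps) >= 2 and pstdev(gaps) <= max_jitter
        report[ip] = {"connections": len(stamps),
                      "mean_gap_s": mean(gaps) if gaps else None,
                      "periodic": periodic,
                      "followup_lines": followups[ip]}
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

On the quoted excerpt this reports four connections roughly 900 seconds apart with no follow-up lines from the child processes, which matches a scheduled connect-and-drop rather than password guessing.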