[Eisfair] Last login command broken

Daniel Kubein kuba_ at web.de
Sun Jun 2 06:49:27 CEST 2019


Hello Marcus,

> 
>>> Do you have a static public IP?
>>
>> Via DynDNS.
> 
> OK, but that one probably changes regularly, doesn't it?

Yes, mine does, but the one that then comes from DynDNS itself
should always be the same, because the name is always resolved the
same way.

> Can you also say something about my other questions:
> 
> Do you find the same/similar entries in older messages logs?

I seem to be under constant fire!

> Do they always come from the same IP?

No.

Jun  2 01:29:56 superkubi sshd[13494]: Unable to negotiate with 
78.85.139.104 port 40006: no matching key exchange method found. Their 
offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 [preauth]
Jun  2 01:29:56 superkubi sshd[13494]: Unable to negotiate with 
78.85.139.104 port 40006: no matching key exchange method found. Their 
offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 [preauth]


Jun  2 02:21:24 superkubi -- MARK --
Jun  2 02:21:24 superkubi -- MARK --
Jun  2 02:30:00 superkubi sshd[13668]: Invalid user admin from 
193.32.163.89 port 47874
Jun  2 02:30:00 superkubi sshd[13668]: Invalid user admin from 
193.32.163.89 port 47874
Jun  2 02:30:00 superkubi sshd[13668]: Excess permission or bad 
ownership on file /var/log/btmp
Jun  2 02:30:00 superkubi sshd[13668]: Excess permission or bad 
ownership on file /var/log/btmp
Jun  2 02:30:00 superkubi sshd[13668]: pam_unix(sshd:auth): check pass; 
user unknown
Jun  2 02:30:00 superkubi sshd[13668]: pam_unix(sshd:auth): check pass; 
user unknown
Jun  2 02:30:00 superkubi sshd[13668]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=193.32.163.89
Jun  2 02:30:00 superkubi sshd[13668]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=193.32.163.89
Jun  2 02:30:02 superkubi sshd[13668]: Failed password for invalid user 
admin from 193.32.163.89 port 47874 ssh2
Jun  2 02:30:02 superkubi sshd[13668]: Failed password for invalid user 
admin from 193.32.163.89 port 47874 ssh2
Jun  2 02:30:02 superkubi sshd[13668]: Excess permission or bad 
ownership on file /var/log/btmp
Jun  2 02:30:02 superkubi sshd[13668]: Excess permission or bad 
ownership on file /var/log/btmp
Jun  2 02:30:04 superkubi sshd[13668]: Disconnecting invalid user admin 
193.32.163.89 port 47874: Change of username or service not allowed: 
(admin,ssh-connection) -> (user,ssh-connection) [preauth]
Jun  2 02:30:04 superkubi sshd[13668]: Disconnecting invalid user admin 
193.32.163.89 port 47874: Change of username or service not allowed: 
(admin,ssh-connection) -> (user,ssh-connection) [preauth]
Jun  2 02:30:39 superkubi sshd[13693]: Received disconnect from 
128.199.55.17 port 40308:11: Bye Bye [preauth]
Jun  2 02:30:39 superkubi sshd[13693]: Received disconnect from 
128.199.55.17 port 40308:11: Bye Bye [preauth]
Jun  2 02:30:39 superkubi sshd[13693]: Disconnected from 128.199.55.17 
port 40308 [preauth]
Jun  2 02:30:39 superkubi sshd[13693]: Disconnected from 128.199.55.17 
port 40308 [preauth]
Jun  2 02:35:52 superkubi sshd[13715]: Did not receive identification 
string from 46.9.119.61 port 48302
Jun  2 02:35:52 superkubi sshd[13715]: Did not receive identification 
string from 46.9.119.61 port 48302
Jun  2 02:52:12 superkubi sshd[13746]: Unable to negotiate with 
116.108.222.246 port 38858: no matching key exchange method found. Their 
offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 [preauth]
Jun  2 02:52:12 superkubi sshd[13746]: Unable to negotiate with 
116.108.222.246 port 38858: no matching key exchange method found. Their 
offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 [preauth]


Jun  2 05:00:28 superkubi sshd[14168]: Invalid user admin from 
193.32.163.89 port 49362
Jun  2 05:00:28 superkubi sshd[14168]: Invalid user admin from 
193.32.163.89 port 49362
Jun  2 05:00:28 superkubi sshd[14168]: Excess permission or bad 
ownership on file /var/log/btmp
Jun  2 05:00:28 superkubi sshd[14168]: Excess permission or bad 
ownership on file /var/log/btmp
Jun  2 05:00:29 superkubi sshd[14168]: pam_unix(sshd:auth): check pass; 
user unknown
Jun  2 05:00:29 superkubi sshd[14168]: pam_unix(sshd:auth): check pass; 
user unknown
Jun  2 05:00:29 superkubi sshd[14168]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=193.32.163.89
Jun  2 05:00:29 superkubi sshd[14168]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=193.32.163.89
Jun  2 05:00:31 superkubi sshd[14168]: Failed password for invalid user 
admin from 193.32.163.89 port 49362 ssh2
Jun  2 05:00:31 superkubi sshd[14168]: Failed password for invalid user 
admin from 193.32.163.89 port 49362 ssh2
Jun  2 05:00:31 superkubi sshd[14168]: Excess permission or bad 
ownership on file /var/log/btmp
Jun  2 05:00:31 superkubi sshd[14168]: Excess permission or bad 
ownership on file /var/log/btmp
Jun  2 05:00:32 superkubi sshd[14168]: Disconnecting invalid user admin 
193.32.163.89 port 49362: Change of username or service not allowed: 
(admin,ssh-connection) -> (user,ssh-connection) [preauth]
Jun  2 05:00:32 superkubi sshd[14168]: Disconnecting invalid user admin 
193.32.163.89 port 49362: Change of username or service not allowed: 
(admin,ssh-connection) -> (user,ssh-connection) [preauth]


> Do these connection attempts also occur at times when you had a
> different IP?
> 

The messages file fills up and rotates every 5 days, and I no longer
have anything older than ten days on the machine.


This /var/log/btmp is from 13.02.2019 and I have now deleted it!

Regards, Daniel
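
Added example (not part of Daniel's message): one way to answer the "same IP or not?" question from a messages log like the one above is to rejoin the mail-wrapped lines, drop entries that were logged twice, and count sshd pre-auth events per source address. The sample input is constructed with documentation addresses, and the names `unwrap`, `summarize`, `START` and `EVENTS` are illustrative.

```python
import re
from collections import Counter, defaultdict
# Constructed sample: documentation IPs, mail-wrapped lines, one duplicated entry.
SAMPLE = """\
Jun  2 01:29:56 host sshd[100]: Unable to negotiate with
203.0.113.7 port 40006: no matching key exchange method found. Their
offer: diffie-hellman-group1-sha1 [preauth]
Jun  2 02:30:00 host sshd[200]: Invalid user admin from
198.51.100.9 port 47874
Jun  2 02:30:00 host sshd[200]: Invalid user admin from
198.51.100.9 port 47874
Jun  2 02:30:02 host sshd[200]: Failed password for invalid user
admin from 198.51.100.9 port 47874 ssh2
Jun  2 02:35:52 host sshd[400]: Did not receive identification
string from 192.0.2.61 port 48302
Jun  2 05:00:28 host sshd[300]: Invalid user admin from
198.51.100.9 port 49362
"""

START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ")  # timestamp + host
EVENTS = [  # (label, pattern capturing the source address)
    ("kex_mismatch", re.compile(r"Unable to negotiate with (\S+) port")),
    ("invalid_user", re.compile(r"Invalid user \S* ?from (\S+) port")),
    ("failed_password", re.compile(r"Failed password for .* from (\S+) port")),
    ("no_banner", re.compile(r"Did not receive identification string from (\S+)")),
]

def unwrap(text):
    """Rejoin entries that the mail client wrapped onto several lines."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        if START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Return {source_ip: Counter(label -> count)}, counting exact duplicates once."""
    per_ip = defaultdict(Counter)
    for entry in dict.fromkeys(unwrap(text)):  # order-preserving de-duplication
        for label, rx in EVENTS:
            if m := rx.search(entry):
                per_ip[m.group(1)][label] += 1
                break
    return per_ip

if __name__ == "__main__":
    print({ip: dict(c) for ip, c in summarize(SAMPLE).items()})
```

An address that shows up with `invalid_user` or `failed_password` counts across several sshd PIDs is retrying, while `kex_mismatch` entries are clients that offered only key exchange methods the server does not accept.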


























