On Mon, Apr 10, 2017 at 5:33 PM, Drew Fustini <[email protected]> wrote: > Has anyone seen ssh warnings similar to this in /var/log/auth.log on > their BeagleBone? > > pam_unix(sshd:auth): check pass; user unknown > pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 > tty=ssh ruser= rhost=103.207.37.232 > Failed password for invalid user support from 103.207.37.232 port 57227 ssh2 > fatal: Read from socket failed: Connection reset by peer [preauth] > Did not receive identification string from 103.207.37.232 > Address 123.31.31.90 maps to localhost, but this does not map back to > the address - POSSIBLE BREAK-IN ATTEMPT! > Invalid user support from 123.31.31.90 > input_userauth_request: invalid user support [preauth] > pam_unix(sshd:auth): check pass; user unknown
So the beagle with an address of 123.31.31.90, had a host trying to connect, and it blocked it: beagle: http://ipaddress.is/123.31.31.90 host trying to connect: http://ipaddress.is/103.207.37.232 This either occurred from two ways: 1: his upstream provider gave him a new ip address 2: he connected the Beagle directly to the web. I'm going to guess #2, and his board is either a bot now, or probally will be shortly.. aka, get a firewall, port forward, don't use port 22, etc... Regards, -- Robert Nelson https://rcn-ee.com/ -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CAOCHtYjLhKjXnzES-jTpcEuA%3DL9ek%3DozZcJi8vEYaBaZw7x-KA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
