Hello. DigitalOcean support banned my account because my server was trying to get access to another one. Here is the log from the target server:
Oct 8 17:09:51 c-3po sshd[31374]: Did not receive identification string from 82.196.2.248
Oct 8 18:49:19 c-3po sshd[7318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.2.248 user=root
Oct 8 18:49:21 c-3po sshd[7318]: Failed password for root from 82.196.2.248 port 36473 ssh2
Oct 8 18:49:22 c-3po sshd[7322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.2.248 user=root
Oct 8 18:49:24 c-3po sshd[7322]: Failed password for root from 82.196.2.248 port 36737 ssh2
Oct 8 18:49:25 c-3po sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.2.248 user=root
Oct 8 18:49:27 c-3po sshd[7324]: Failed password for root from 82.196.2.248 port 36868 ssh2
Oct 8 18:49:28 c-3po sshd[7326]: Invalid user abcs from 82.196.2.248
Oct 8 18:49:28 c-3po sshd[7326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.2.248
Oct 8 18:49:30 c-3po sshd[7326]: Failed password for invalid user abcs from 82.196.2.248 port 37010 ssh2
Oct 8 18:49:31 c-3po sshd[7328]: Invalid user admin from 82.196.2.248
Oct 8 18:49:31 c-3po sshd[7328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.2.248
Oct 8 18:49:33 c-3po sshd[7328]: Failed password for invalid user admin from 82.196.2.248 port 37212 ssh2
Oct 8 20:54:32 c-3po sshd[17688]: Invalid user asd from 82.196.2.248
Oct 8 20:54:32 c-3po sshd[17688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.2.248
As I understand, someone got access to my server. I used a password-protected SSH key when I created the server. I’ve got a few questions:
Make sure you’ve installed:

1.) How To Protect SSH with fail2ban on Ubuntu 12.04 (https://www.digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-ubuntu-12-04);

2.) How To Install DenyHosts on Ubuntu 12.04 (https://www.digitalocean.com/community/articles/how-to-install-denyhosts-on-ubuntu-12-04); and

3.) How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server (https://www.digitalocean.com/community/articles/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server);

Lastly, just b/c an SSH key is used does not disable password logins automatically. For a step-by-step guide on disabling password-logins, check out the tail of: How To Create SSH Keys with PuTTY to Connect to a VPS (https://www.digitalocean.com/community/articles/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps).
I don’t see from logs that he gained access? (he only tried and failed, so you should consider using fail2ban or CSF)
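
The distinction drawn in the reply above, failed attempts versus an actual login, can be checked mechanically over an sshd log. This is an added example, not part of the original thread: the first five sample lines are copied from the log in the question, while the `Accepted` line, the address 203.0.113.5 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First five lines are copied from the log in the question. The last line is
# CONSTRUCTED (documentation address 203.0.113.5) to show a successful login.
SAMPLE_LOG = """\
Oct 8 17:09:51 c-3po sshd[31374]: Did not receive identification string from 82.196.2.248
Oct 8 18:49:21 c-3po sshd[7318]: Failed password for root from 82.196.2.248 port 36473 ssh2
Oct 8 18:49:28 c-3po sshd[7326]: Invalid user abcs from 82.196.2.248
Oct 8 18:49:30 c-3po sshd[7326]: Failed password for invalid user abcs from 82.196.2.248 port 37010 ssh2
Oct 8 18:49:33 c-3po sshd[7328]: Failed password for invalid user admin from 82.196.2.248 port 37212 ssh2
Oct 8 21:02:10 c-3po sshd[18001]: Accepted publickey for root from 203.0.113.5 port 50022 ssh2
"""

# "Failed <method> for [invalid user ]<user> from <ip>" and
# "Accepted <method> for <user> from <ip>" are the two lines that settle the question.
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def summarize(log_text):
    """Return {source_ip: {"failed": n, "users": set, "accepted": [(user, method)]}}."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["failed"] += 1
            stats[ip]["users"].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            stats[ip]["accepted"].append((user, method))
    return dict(stats)

def guessed_logins(stats):
    """Sources that both failed authentication and logged in: the pattern to investigate."""
    return sorted(ip for ip, s in stats.items() if s["failed"] and s["accepted"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, s in result.items():
        print(ip, "failed:", s["failed"], "users:", sorted(s["users"]), "accepted:", s["accepted"])
    print("sources with failures AND a successful login:", guessed_logins(result))
```

On the sample, 82.196.2.248 shows three failures across three usernames and no accepted session, which matches the reading that the attempts in this log did not succeed.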