SSH login attempts from China? Failed password for root from [china ip]
Command: ( GIT_ASKPASS=/bin/echo GIT_SSH=/tmp/app/git-ssh.sh /usr/bin/env git ls-remote email@example.com:foobar/app.git ) Permission denied (publickey). fatal: The remote end hung up unexpectedlyThis was working perfectly a week ago and I did deployments several times. When I checked /var/log/auth.log, I see a lot of SSH login attempts from Asia (China, Korea...):
Jun 10 07:04:42 staging sshd: Disconnecting: Too many authentication failures for root [preauth] Jun 10 07:04:42 staging sshd: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.108.40.206 user=root Jun 10 07:04:42 staging sshd: PAM service(sshd) ignoring max retries; 6 > 3 Jun 10 07:04:45 staging sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.127.116.11 user=root Jun 10 07:04:47 staging sshd: Failed password for root from 18.104.22.168 port 2769 ssh2 Jun 10 07:04:59 sshd: last message repeated 5 timesAlso several username login attempts, none of them I've seen/used before:
Jun 10 07:09:10 staging sshd: Invalid user hermes from 22.214.171.124 Jun 10 07:36:03 staging sshd: Invalid user sid from 126.96.36.199 Jun 10 07:42:44 staging sshd: Invalid user vincent from 188.8.131.52 Jun 10 07:56:11 staging sshd: Invalid user stella from 184.108.40.206 Jun 10 08:02:55 staging sshd: Invalid user ernie from 220.127.116.11I'm using key based authentication for SSH and for bitbucket as well. 1) Are those SSH attempts something "common" or "to be expected"? 2) What can I do to make my droplet more secure and maybe report those attempts via email? And is it worth it?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.×