This appears daily in logwatch under PAM. Is there anyway to prevent it? I already have configured sshd to prevent root login, and use fail2ban.
unknown (126.96.36.199): 189 Time(s) root (188.8.131.52): 75 Time(s) root (184.108.40.206): 74 Time(s) root (220.127.116.11): 55 Time(s) root (18.104.22.168): 50 Time(s) root (22.214.171.124): 50 Time(s) root (126.96.36.199): 50 Time(s) root (188.8.131.52): 50 Time(s) root (184.108.40.206): 50 Time(s) root (220.127.116.11): 50 Time(s)
I guess I could switch login to certificate only, but that limits how I can access my server.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.