Hi, I have a question about preauth attempts per day. When I run logwatch, why do I get "Bye Bye [preauth] : 2484 Times"?
There are around 3000 connections to SSH per day. Is this amount normal? Is this something to be concerned about? I have set up SSH with the following config:

    Port 22
    #AddressFamily any
    #ListenAddress
    #ListenAddress ::

    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    #HostKey /etc/ssh/ssh_host_ed25519_key

    # Ciphers and keying
    #RekeyLimit default none

    # Logging
    #SyslogFacility AUTH
    #LogLevel INFO

    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10

    PubkeyAuthentication yes

    # Expect .ssh/authorized_keys2 to be disregarded by default in future.
    AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

    #AuthorizedPrincipalsFile none

    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    PermitEmptyPasswords no
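Added example, not part of the original post: one way to break the logwatch "Bye Bye [preauth]" total down by source address and list the logins that actually succeeded, so the count can be judged against who really got in. The log lines are constructed samples in the two formats sshd has used for this message, with documentation-range addresses; `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample lines in the shape sshd writes to auth.log.
# Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[1201]: Received disconnect from 203.0.113.5 port 40122:11: Bye Bye [preauth]
Jan 10 03:12:01 host sshd[1201]: Disconnected from authenticating user root 203.0.113.5 port 40122 [preauth]
Jan 10 03:12:09 host sshd[1207]: Received disconnect from 203.0.113.5 port 40188:11: Bye Bye [preauth]
Jan 10 03:15:44 host sshd[1300]: Received disconnect from 198.51.100.7: 11: Bye Bye [preauth]
Jan 10 08:02:13 host sshd[2010]: Accepted publickey for alice from 192.0.2.10 port 50222 ssh2: ED25519 SHA256:constructed
Jan 10 08:40:00 host sshd[2010]: Received disconnect from 192.0.2.10 port 50222:11: disconnected by user
"""

# The message logwatch totals as "Bye Bye [preauth]": the client closed the
# connection before authenticating. Older sshd versions omit "port N".
BYE_PREAUTH = re.compile(
    r"sshd\[\d+\]: Received disconnect from (?P<ip>\S+?)(?: port \d+)?: ?11: "
    r"Bye Bye \[preauth\]"
)
# A login that actually succeeded (method, user, source address).
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) "
)

def summarize(log_text):
    """Return (Counter of preauth disconnects per IP, list of accepted logins)."""
    preauth = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = BYE_PREAUTH.search(line)
        if m:
            preauth[m.group("ip")] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.append((m.group("method"), m.group("user"), m.group("ip")))
    return preauth, accepted

if __name__ == "__main__":
    preauth, accepted = summarize(SAMPLE_LOG)
    print("Bye Bye [preauth] total:", sum(preauth.values()))
    for ip, count in preauth.most_common():
        print(f"  {ip}: {count}")
    print("Accepted logins:", accepted)
```

To run it on a real host, pass the contents of the sshd log (for example `/var/log/auth.log` on Debian-based systems) to `summarize` instead of `SAMPLE_LOG`.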