On 2020-01-31 22:37, Michael Eager wrote: > Apparently, my original post was not as clear as I thought. > > Password authentication on the workstation is disabled and port 22 > is not forwarded by the firewall. > > Fail2ban would not answer the question of where the SSH access is coming > from on the LAN. If something on the LAN is forwarding SSH connections, > knowing that the IP is in China does not give me info about where this > is happening.
Well, if the connection is not coming via the firewall and its associated Internet Connection then it only stands to reason that another device on your network is connected/connecting to the Internet in a different manner and allowing traffic on the LAN. However, if you run wireshark on the server which is getting the connection you will know not only the source IP but the MAC address which is passing it. That should tell you the device on your network which is sending the connection request. -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
