Get a lot of invalid user requests when I look at system log

A

avidesh

New Member
Dec 28, 2023
15
0
1
here is a sample from the logs
Code: 
Nov 26 08:32:13 pve sshd[509762]: Invalid user c from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33304
Nov 26 08:32:13 pve sshd[509762]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:32:13 pve sshd[509762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fe80::96fb:a7ff:fe62:a62f%vmbr2
Nov 26 08:32:15 pve sshd[509762]: Failed password for invalid user c from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33304 ssh2
Nov 26 08:32:16 pve sshd[509762]: Received disconnect from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33304:11: SSH client disconnected [preauth]
Nov 26 08:32:16 pve sshd[509762]: Disconnected from invalid user c fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33304 [preauth]
Nov 26 08:32:27 pve sshd[509840]: Invalid user developer from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57157
Nov 26 08:32:27 pve sshd[509840]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:32:27 pve sshd[509840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2405:201:1007:195:96fb:a7ff:fe62:a62f
Nov 26 08:32:29 pve sshd[509840]: Failed password for invalid user developer from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57157 ssh2
Nov 26 08:32:29 pve sshd[509840]: Received disconnect from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57157:11: SSH client disconnected [preauth]
Nov 26 08:32:29 pve sshd[509840]: Disconnected from invalid user developer 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57157 [preauth]
Nov 26 08:32:30 pve sshd[509878]: Invalid user public from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57158
Nov 26 08:32:30 pve sshd[509878]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:32:30 pve sshd[509878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2405:201:1007:195:96fb:a7ff:fe62:a62f
Nov 26 08:32:32 pve sshd[509878]: Failed password for invalid user public from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57158 ssh2
Nov 26 08:32:33 pve sshd[509878]: Received disconnect from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57158:11: SSH client disconnected [preauth]
Nov 26 08:32:33 pve sshd[509878]: Disconnected from invalid user public 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57158 [preauth]
Nov 26 08:32:33 pve sshd[509882]: Invalid user student from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57159
Nov 26 08:32:33 pve sshd[509882]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:32:33 pve sshd[509882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2405:201:1007:195:96fb:a7ff:fe62:a62f
Nov 26 08:32:34 pve sshd[509882]: Failed password for invalid user student from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57159 ssh2
Nov 26 08:32:36 pve sshd[509882]: Received disconnect from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57159:11: SSH client disconnected [preauth]
Nov 26 08:32:36 pve sshd[509882]: Disconnected from invalid user student 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57159 [preauth]
Nov 26 08:33:17 pve sshd[510150]: Invalid user server from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33308
Nov 26 08:33:17 pve sshd[510150]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:33:17 pve sshd[510150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fe80::96fb:a7ff:fe62:a62f%vmbr2
Nov 26 08:33:18 pve sshd[510150]: Failed password for invalid user server from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33308 ssh2
Nov 26 08:33:20 pve sshd[510150]: Received disconnect from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33308:11: SSH client disconnected [preauth]
Nov 26 08:33:20 pve sshd[510150]: Disconnected from invalid user server fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33308 [preauth]
Nov 26 08:33:20 pve sshd[510171]: Invalid user 22 from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33309
Nov 26 08:33:20 pve sshd[510171]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:33:20 pve sshd[510171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fe80::96fb:a7ff:fe62:a62f%vmbr2
Nov 26 08:33:21 pve sshd[510171]: Failed password for invalid user 22 from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33309 ssh2
Nov 26 08:33:22 pve sshd[510171]: Received disconnect from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33309:11: SSH client disconnected [preauth]
Nov 26 08:33:22 pve sshd[510171]: Disconnected from invalid user 22 fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33309 [preauth]
Nov 26 08:33:23 pve sshd[510190]: Invalid user hdfs from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33310
Nov 26 08:33:23 pve sshd[510190]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:33:23 pve sshd[510190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fe80::96fb:a7ff:fe62:a62f%vmbr2
Nov 26 08:33:25 pve sshd[510190]: Failed password for invalid user hdfs from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33310 ssh2
Nov 26 08:33:26 pve sshd[510190]: Received disconnect from fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33310:11: SSH client disconnected [preauth]
Nov 26 08:33:26 pve sshd[510190]: Disconnected from invalid user hdfs fe80::96fb:a7ff:fe62:a62f%vmbr2 port 33310 [preauth]
Nov 26 08:33:36 pve sshd[510291]: Invalid user webmaster from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57163
Nov 26 08:33:36 pve sshd[510291]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:33:36 pve sshd[510291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2405:201:1007:195:96fb:a7ff:fe62:a62f
Nov 26 08:33:38 pve sshd[510291]: Failed password for invalid user webmaster from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57163 ssh2
Nov 26 08:33:38 pve sshd[510291]: Received disconnect from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57163:11: SSH client disconnected [preauth]
Nov 26 08:33:38 pve sshd[510291]: Disconnected from invalid user webmaster 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57163 [preauth]
Nov 26 08:33:39 pve sshd[510295]: Invalid user osmc from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57164
Nov 26 08:33:39 pve sshd[510295]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:33:39 pve sshd[510295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2405:201:1007:195:96fb:a7ff:fe62:a62f
Nov 26 08:33:41 pve sshd[510295]: Failed password for invalid user osmc from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57164 ssh2
Nov 26 08:33:41 pve sshd[510295]: Received disconnect from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57164:11: SSH client disconnected [preauth]
Nov 26 08:33:41 pve sshd[510295]: Disconnected from invalid user osmc 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57164 [preauth]
Nov 26 08:33:41 pve sshd[510314]: Invalid user c from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57165
Nov 26 08:33:41 pve sshd[510314]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 08:33:41 pve sshd[510314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2405:201:1007:195:96fb:a7ff:fe62:a62f
Nov 26 08:33:43 pve sshd[510314]: Failed password for invalid user c from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57165 ssh2
Nov 26 08:33:43 pve sshd[510314]: Received disconnect from 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57165:11: SSH client disconnected [preauth]
Nov 26 08:33:43 pve sshd[510314]: Disconnected from invalid user c 2405:201:1007:195:96fb:a7ff:fe62:a62f port 57165 [preauth]
what could be the reason?
Is there something wrongly configured on my proxmox node?
 
I don't know anything about your configuration, so its hard to advise. May be you have a way to enable firewall on your router?
May be Proxmox firewall can help: https://pve.proxmox.com/wiki/Firewall
https://www.naturalborncoder.com/2023/07/proxmox-firewall/#google_vignette

I'd search internet for some guides and read them carefully. A wrong firewall rule can block your access as well.

Good luck

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
  • Like
Reactions: avidesh
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom