What exactly do you mean, please highlight relevant information, and preferred as text.
Is it the ssh command to 92.242.140.2? That's an outgoing command to gather information from an configured ZFS storage. Do you have configured such a storage?
Do you have the PVE hosts webinterface or SSH exposed to the internet, e.g. via NAT?
Because if not, nobody from outside the LAN is able to login.
Is it the ssh command to 92.242.140.2? That's an outgoing command to gather information from an configured ZFS storage. Do you have configured such a storage?
Do you have the PVE hosts webinterface or SSH exposed to the internet, e.g. via NAT?
Because if not, nobody from outside the LAN is able to login.
yes it is the foreign ip that is concerning me. this box should be entirely local, with no external connections. the exception to that would be for updates and ntp server updates. when i looked up the ip, it had been flagged in multiple databases as hostile. i just dont understand how someone could penetrate my nat. should i assume that one of my internal systems have been compromised?