
Why do I see login requests for various ports although the router and the firewall only permit port 22?

I want to log in to the desktop of my Ubuntu 18.04 machine remotely from the internet.

I therefore enabled port forwarding for port 22 in my (fritz.box) router.

Additionally I activated the firewall and allowed only requests to port 22 from outside:

```
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
```

Nevertheless, I can see the following log entries in my /var/log/auth.log file (I changed my computer name and the IP addresses of the originators of the requests).

My question is: why do I see these entries for ports different than 22?

Remark: Presently, I allow login via password (but I will disable this with the next try I want to make by allowing only logins via the private/public key pattern).

```
Dec 21 06:56:05 this-is-my-computer-name sshd[26654]: Disconnected from invalid user user IP_ADDRESS_1_IN_A_FOREIGN_COUNTRY port 51904 [preauth]
Dec 21 06:56:50 this-is-my-computer-name sshd[26656]: Invalid user user from IP_ADDRESS_1_IN_A_FOREIGN_COUNTRY port 53030
Dec 21 06:56:50 this-is-my-computer-name sshd[26656]: pam_unix(sshd:auth): check pass; user unknown
Dec 21 06:56:50 this-is-my-computer-name sshd[26656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_1_IN_A_FOREIGN_COUNTRY
Dec 21 06:56:51 this-is-my-computer-name sshd[26656]: Failed password for invalid user user from IP_ADDRESS_1_IN_A_FOREIGN_COUNTRY port 53030 ssh2
Dec 21 06:56:52 this-is-my-computer-name sshd[26656]: Received disconnect from IP_ADDRESS_1_IN_A_FOREIGN_COUNTRY port 53030:11: Normal Shutdown, Thank you for playing [preauth]
Dec 21 06:56:52 this-is-my-computer-name sshd[26656]: Disconnected from invalid user user IP_ADDRESS_1_IN_A_FOREIGN_COUNTRY port 53030 [preauth]
Dec 21 07:09:01 this-is-my-computer-name CRON[26678]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 21 07:09:01 this-is-my-computer-name CRON[26678]: pam_unix(cron:session): session closed for user root
Dec 21 07:17:01 this-is-my-computer-name CRON[26732]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 21 07:17:01 this-is-my-computer-name CRON[26732]: pam_unix(cron:session): session closed for user root
Dec 21 07:19:37 this-is-my-computer-name sshd[26736]: Did not receive identification string from IP_ADDRESS_2_IN_A_FOREIGN_COUNTRY port 57230
Dec 21 07:20:42 this-is-my-computer-name sshd[26738]: Invalid user user from IP_ADDRESS_2_IN_A_FOREIGN_COUNTRY port 39416
Dec 21 07:20:42 this-is-my-computer-name sshd[26738]: pam_unix(sshd:auth): check pass; user unknown
Dec 21 07:20:42 this-is-my-computer-name sshd[26738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_2_IN_A_FOREIGN_COUNTRY
Dec 21 07:20:45 this-is-my-computer-name sshd[26738]: Failed password for invalid user user from IP_ADDRESS_2_IN_A_FOREIGN_COUNTRY port 39416 ssh2
Dec 21 07:20:45 this-is-my-computer-name sshd[26738]: Received disconnect from IP_ADDRESS_2_IN_A_FOREIGN_COUNTRY port 39416:11: Normal Shutdown, Thank you for playing [preauth]
Dec 21 07:20:45 this-is-my-computer-name sshd[26738]: Disconnected from invalid user user IP_ADDRESS_2_IN_A_FOREIGN_COUNTRY port 39416 [preauth]
Dec 21 07:21:37 this-is-my-computer-name sshd[26741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:21:39 this-is-my-computer-name sshd[26741]: Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 20851 ssh2
Dec 21 07:21:44 this-is-my-computer-name sshd[26741]: message repeated 2 times: [ Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 20851 ssh2]
Dec 21 07:21:45 this-is-my-computer-name sshd[26741]: Received disconnect from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 20851:11:  [preauth]
Dec 21 07:21:45 this-is-my-computer-name sshd[26741]: Disconnected from authenticating user root IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 20851 [preauth]
Dec 21 07:21:45 this-is-my-computer-name sshd[26741]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:21:47 this-is-my-computer-name sshd[26743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:21:49 this-is-my-computer-name sshd[26743]: Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 37120 ssh2
Dec 21 07:21:54 this-is-my-computer-name sshd[26743]: message repeated 2 times: [ Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 37120 ssh2]
Dec 21 07:21:54 this-is-my-computer-name sshd[26743]: Received disconnect from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 37120:11:  [preauth]
Dec 21 07:21:54 this-is-my-computer-name sshd[26743]: Disconnected from authenticating user root IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 37120 [preauth]
Dec 21 07:21:54 this-is-my-computer-name sshd[26743]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:21:57 this-is-my-computer-name sshd[26745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:21:58 this-is-my-computer-name sshd[26745]: Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 42983 ssh2
Dec 21 07:22:03 this-is-my-computer-name sshd[26745]: message repeated 2 times: [ Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 42983 ssh2]
Dec 21 07:22:03 this-is-my-computer-name sshd[26745]: Received disconnect from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 42983:11:  [preauth]
Dec 21 07:22:03 this-is-my-computer-name sshd[26745]: Disconnected from authenticating user root IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 42983 [preauth]
Dec 21 07:22:03 this-is-my-computer-name sshd[26745]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:22:05 this-is-my-computer-name sshd[26747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:22:08 this-is-my-computer-name sshd[26747]: Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 43076 ssh2
Dec 21 07:22:13 this-is-my-computer-name sshd[26747]: message repeated 2 times: [ Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 43076 ssh2]
Dec 21 07:22:13 this-is-my-computer-name sshd[26747]: Received disconnect from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 43076:11:  [preauth]
Dec 21 07:22:13 this-is-my-computer-name sshd[26747]: Disconnected from authenticating user root IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 43076 [preauth]
Dec 21 07:22:13 this-is-my-computer-name sshd[26747]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:22:15 this-is-my-computer-name sshd[26749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:22:18 this-is-my-computer-name sshd[26749]: Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 49861 ssh2
Dec 21 07:22:22 this-is-my-computer-name sshd[26749]: message repeated 2 times: [ Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 49861 ssh2]
Dec 21 07:22:23 this-is-my-computer-name sshd[26749]: Received disconnect from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 49861:11:  [preauth]
Dec 21 07:22:23 this-is-my-computer-name sshd[26749]: Disconnected from authenticating user root IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 49861 [preauth]
Dec 21 07:22:23 this-is-my-computer-name sshd[26749]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:22:25 this-is-my-computer-name sshd[26751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY  user=root
Dec 21 07:22:27 this-is-my-computer-name sshd[26751]: Failed password for root from IP_ADDRESS_3_IN_A_FOREIGN_COUNTRY port 53988 ssh2
```
waltinator
Every nanosecond you're connected to the Internet, the Internet is connected to you. There are bad people on the Internet. Investigate `fail2ban`.
Doug Smythies
The ports listed are source ports. The destination port was 22 and so UFW allows the packets.
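
Added example, not part of the original thread: a small parser for `auth.log` lines in the format shown in the question, grouping failed SSH logins by source address and collecting the client source ports each one used. The sample lines are constructed with documentation-range addresses, and the threshold of 5 failures is an assumed value for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the question's log format; addresses are placeholders.
SAMPLE_LOG = """\
Dec 21 06:56:51 host sshd[26656]: Failed password for invalid user user from 198.51.100.7 port 53030 ssh2
Dec 21 07:20:45 host sshd[26738]: Failed password for invalid user user from 203.0.113.9 port 39416 ssh2
Dec 21 07:21:39 host sshd[26741]: Failed password for root from 192.0.2.44 port 20851 ssh2
Dec 21 07:21:44 host sshd[26741]: message repeated 2 times: [ Failed password for root from 192.0.2.44 port 20851 ssh2]
Dec 21 07:21:49 host sshd[26743]: Failed password for root from 192.0.2.44 port 37120 ssh2
Dec 21 07:21:54 host sshd[26743]: message repeated 2 times: [ Failed password for root from 192.0.2.44 port 37120 ssh2]
Dec 21 07:09:01 host CRON[26678]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<sport>\d+) ssh2"
)
REPEATED = re.compile(r"message repeated (?P<n>\d+) times: \[")


def summarize_failures(log_text):
    """Return {source_address: {"failures", "users", "source_ports"}}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "source_ports": set()})
    for line in log_text.splitlines():
        if " sshd[" not in line:
            continue  # skip CRON and other services
        m = FAILED.search(line)
        if not m:
            continue
        # A "message repeated N times" line stands for N failures, not one.
        rep = REPEATED.search(line)
        count = int(rep.group("n")) if rep else 1
        entry = stats[m.group("src")]
        entry["failures"] += count
        entry["users"].add(m.group("user"))
        # "port N" is the client's ephemeral source port; sshd still listens on 22.
        entry["source_ports"].add(int(m.group("sport")))
    return dict(stats)


def sources_over_threshold(stats, max_failures=5):
    """Source addresses whose failure count reaches the (assumed) threshold."""
    return sorted(s for s, e in stats.items() if e["failures"] >= max_failures)


if __name__ == "__main__":
    for src, e in summarize_failures(SAMPLE_LOG).items():
        print(src, e["failures"], sorted(e["users"]), sorted(e["source_ports"]))
```

Each new connection from the same address shows a different source port, which is why the log lists many port numbers even though only destination port 22 is open.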