error: maximum authentication attempts exceeded for root from 127.0.0.1
Hello Observium,
Just curious about what this means:
Jan 7 06:51:40 mon sshd[4607]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 57494 ssh2 [preauth] Jan 7 06:51:40 mon sshd[4613]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 57496 ssh2 [preauth] Jan 7 12:53:13 mon sshd[2300]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 60920 ssh2 [preauth] Jan 7 12:53:13 mon sshd[2306]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 60922 ssh2 [preauth] Jan 7 18:33:51 mon sshd[18311]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 34286 ssh2 [preauth] Jan 7 18:33:51 mon sshd[18317]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 34288 ssh2 [preauth] Jan 8 00:52:20 mon sshd[30357]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 39526 ssh2 [preauth] Jan 8 00:52:20 mon sshd[30363]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 39528 ssh2 [preauth] Jan 8 06:51:43 mon sshd[350]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 43064 ssh2 [preauth] Jan 8 06:51:43 mon sshd[362]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 43066 ssh2 [preauth] Jan 8 12:54:53 mon sshd[9955]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 46520 ssh2 [preauth] Jan 8 12:54:54 mon sshd[9961]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 46522 ssh2 [preauth] Jan 8 18:34:40 mon sshd[22397]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 48052 ssh2 [preauth] Jan 8 18:34:40 mon sshd[22403]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 48054 ssh2 [preauth] Jan 9 00:33:45 mon sshd[26212]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 51466 ssh2 [preauth] Jan 9 00:33:45 mon sshd[26218]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 51468 ssh2 [preauth] Jan 9 06:52:49 mon sshd[17401]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 56818 ssh2 [preauth] Jan 9 06:52:49 mon sshd[17407]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 56820 ssh2 [preauth]
We lost all monitoring about this time, is it possibly related?
Something that has access to localhost is attempting to login to localhost as root over SSH... so either the user at localhost doesn't have root access already, or something else is trying to login, let's say, password auth instead of key auth. Too many attempts have been done, so it has blocked further attempts. I don't think it is related to Observium unless you are doing some kind of SSH connection. Check /var/log/auth.log. Also looks like it runs on schedule every 6 hours so check your cron for things that do SSH locally?
On Tue, Jan 9, 2018 at 12:30 PM, Timothy Illguth tillguth@alaska.edu wrote:
Hello Observium,
Just curious about what this means:
Jan 7 06:51:40 mon sshd[4607]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 57494 ssh2 [preauth] Jan 7 06:51:40 mon sshd[4613]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 57496 ssh2 [preauth] Jan 7 12:53:13 mon sshd[2300]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 60920 ssh2 [preauth] Jan 7 12:53:13 mon sshd[2306]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 60922 ssh2 [preauth] Jan 7 18:33:51 mon sshd[18311]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 34286 ssh2 [preauth] Jan 7 18:33:51 mon sshd[18317]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 34288 ssh2 [preauth] Jan 8 00:52:20 mon sshd[30357]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 39526 ssh2 [preauth] Jan 8 00:52:20 mon sshd[30363]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 39528 ssh2 [preauth] Jan 8 06:51:43 mon sshd[350]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 43064 ssh2 [preauth] Jan 8 06:51:43 mon sshd[362]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 43066 ssh2 [preauth] Jan 8 12:54:53 mon sshd[9955]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 46520 ssh2 [preauth] Jan 8 12:54:54 mon sshd[9961]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 46522 ssh2 [preauth] Jan 8 18:34:40 mon sshd[22397]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 48052 ssh2 [preauth] Jan 8 18:34:40 mon sshd[22403]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 48054 ssh2 [preauth] Jan 9 00:33:45 mon sshd[26212]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 51466 ssh2 [preauth] Jan 9 00:33:45 mon sshd[26218]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 51468 ssh2 [preauth] Jan 9 06:52:49 mon sshd[17401]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 56818 ssh2 [preauth] Jan 9 06:52:49 mon sshd[17407]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 56820 ssh2 [preauth]
We lost all monitoring about this time, is it possibly related?
-- ___________________________ Tim Illguth Jr. Systems Administrator Alaska Satellite Facility (907) 474-7924
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
If libvirt discovery is enabled, Observium will try to connect to your machine - likely via SSH - to find VMs using virsh. This runs in discovery, so it does coincide with the default "run discovery every 6 hours" ...
Tom
On 09/01/2018 21:47, Cody Cook wrote:
Something that has access to localhost is attempting to login to localhost as root over SSH... so either the user at localhost doesn't have root access already, or something else is trying to login, let's say, password auth instead of key auth. Too many attempts have been done, so it has blocked further attempts. I don't think it is related to Observium unless you are doing some kind of SSH connection. Check /var/log/auth.log. Also looks like it runs on schedule every 6 hours so check your cron for things that do SSH locally?
On Tue, Jan 9, 2018 at 12:30 PM, Timothy Illguth <tillguth@alaska.edu mailto:tillguth@alaska.edu> wrote:
Hello Observium, Just curious about what this means: Jan 7 06:51:40 mon sshd[4607]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 57494 ssh2 [preauth] Jan 7 06:51:40 mon sshd[4613]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 57496 ssh2 [preauth] Jan 7 12:53:13 mon sshd[2300]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 60920 ssh2 [preauth] Jan 7 12:53:13 mon sshd[2306]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 60922 ssh2 [preauth] Jan 7 18:33:51 mon sshd[18311]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 34286 ssh2 [preauth] Jan 7 18:33:51 mon sshd[18317]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 34288 ssh2 [preauth] Jan 8 00:52:20 mon sshd[30357]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 39526 ssh2 [preauth] Jan 8 00:52:20 mon sshd[30363]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 39528 ssh2 [preauth] Jan 8 06:51:43 mon sshd[350]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 43064 ssh2 [preauth] Jan 8 06:51:43 mon sshd[362]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 43066 ssh2 [preauth] Jan 8 12:54:53 mon sshd[9955]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 46520 ssh2 [preauth] Jan 8 12:54:54 mon sshd[9961]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 46522 ssh2 [preauth] Jan 8 18:34:40 mon sshd[22397]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 48052 ssh2 [preauth] Jan 8 18:34:40 mon sshd[22403]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 48054 ssh2 [preauth] Jan 9 00:33:45 mon sshd[26212]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 51466 ssh2 [preauth] Jan 9 00:33:45 mon sshd[26218]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 51468 ssh2 [preauth] Jan 9 06:52:49 mon sshd[17401]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 56818 ssh2 [preauth] Jan 9 06:52:49 mon sshd[17407]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 56820 ssh2 [preauth] We lost all monitoring about this time, is it possibly related? -- ___________________________ Tim Illguth Jr. Systems Administrator Alaska Satellite Facility (907) 474-7924 <tel:%28907%29%20474-7924> _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (3)
-
Cody Cook -
Timothy Illguth -
Tom Laermans