我安装了18.04的ubuntu server。通过Xshell登录时,一直出现SSH服务器拒绝了密码这个提示。输错了密码,输对了密码,都是这个提示。不知道为什么。
我已经把/etc/ssh/sshd_config中PermitRootLogin改为yes了。
跪求支持,可以发小红包以表达谢意!
SSH服务器拒绝了密码
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
-
astolia
- 论坛版主
- 帖子: 6456
- 注册时间: 2008-09-18 13:11
Re: SSH服务器拒绝了密码
把/etc/ssh/sshd_config里面全部内容都贴出来
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
LoginGraceTime 120
#PermitRootLogin prohibit-password
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
PasswordAuthentication yes
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
LoginGraceTime 120
#PermitRootLogin prohibit-password
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
PasswordAuthentication yes
-
astolia
- 论坛版主
- 帖子: 6456
- 注册时间: 2008-09-18 13:11
Re: SSH服务器拒绝了密码
你安装后,以普通用户身份登录上去用sudo passwd设置过root密码没有?
默认root密码记得是没有设置的,root密码不是你用sudo时输入的普通用户密码
默认root密码记得是没有设置的,root密码不是你用sudo时输入的普通用户密码
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
设置过root的密码。
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
我设置过root密码。我的ubunt安装在一个联想笔记本电脑上。在台式机上,无论是用root用户,还是别的用户,xshell登录报的都是同样的错。我在联想笔记本电脑上安装openssh-client,可以SSH到本机。我的台式机,也可以xshell到别的ubuntun上(18.04)。
我真正想解决的问题,如何用一个较简单的方法,把别的UBUNTU+LNMP+Application复制出来,并可以使用。
我真正想解决的问题,如何用一个较简单的方法,把别的UBUNTU+LNMP+Application复制出来,并可以使用。
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
更一般的问题是:如何把一个包含应用的ubuntu做成一个可引导的完整备份?就像IBM AIX的mksysb这样的功能
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
我是从官网上下的ubutn,安装之后,也没有出现图形界面。有点奇怪。18.04。1安装之后,就是图形界面。18.04.2和19.04都不是图形界面。
-
astolia
- 论坛版主
- 帖子: 6456
- 注册时间: 2008-09-18 13:11
Re: SSH服务器拒绝了密码
server版默认不带图形界面。你18.04.1是不是下载了desktop版
你在sshd_config里,把LogLevel设成DEBUG3,看一下sshd在登录时的日志呢?你的台式机上安装openssh,用-vvv参数也看一下连接时的日志
单纯全盘备份的话,直接dd,clonezilla,diskgenius之类的工具
有mondo或rear之类现成的软件
http://www.mondorescue.org/
http://relax-and-recover.org/
两个都在源里,可以直接apt install mondo rear来安装
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
putty或者xshell,还是登录不上。我看日志:sshd{1644},user not authenticated 。真是百思不得其解。请求支援。我愿意请求有偿支持。谢谢!
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
sshd[1644] usetauth_finish:failure partial=0 next method=public
send packet :type 51[preauth]
pam_unix(sudo:session):session closed for user root
是不是有这种可能:安装时应该不选安装openssh ? Ubunt不支持笔记本电脑?为什么安装完成不是图形界面是字符界面?我以前安装18.04.1缺省是图形界面?
已经折腾我很长时间?我愿意请求有偿支援。谢谢!
send packet :type 51[preauth]
pam_unix(sudo:session):session closed for user root
是不是有这种可能:安装时应该不选安装openssh ? Ubunt不支持笔记本电脑?为什么安装完成不是图形界面是字符界面?我以前安装18.04.1缺省是图形界面?
已经折腾我很长时间?我愿意请求有偿支援。谢谢!
-
astolia
- 论坛版主
- 帖子: 6456
- 注册时间: 2008-09-18 13:11
Re: SSH服务器拒绝了密码
我上面都说了,server版默认不安装图形界面。你以前安装的是desktop版吧
没有
没这回事
能不能把整段日志发上来
-
zzugyl
- 帖子: 356
- 注册时间: 2011-03-07 17:26
- 系统: Ubuntu 20.04.3 LTS
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
换成2222端口,是连不上。
日志如下:
Jul 12 00:36:16 server1 useradd[1162]: new group: name=jjna, GID=1000
Jul 12 00:36:16 server1 useradd[1162]: new user: name=jjna, UID=1000, GID=1000, home=/home/jjna, shell=/bin/bash
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'adm'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'cdrom'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'sudo'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'dip'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'plugdev'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'lxd'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'adm'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'cdrom'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'sudo'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'dip'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'plugdev'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'lxd'
Jul 12 00:36:16 server1 systemd-logind[1383]: New seat seat0.
Jul 12 00:36:16 server1 systemd-logind[1383]: Watching system buttons on /dev/input/event2 (Power Button)
Jul 12 00:36:16 server1 systemd-logind[1383]: Watching system buttons on /dev/input/event0 (Lid Switch)
Jul 12 00:36:16 server1 systemd-logind[1383]: Watching system buttons on /dev/input/event1 (Sleep Button)
Jul 12 00:36:16 server1 systemd-logind[1383]: Watching system buttons on /dev/input/event3 (AT Translated Set 2 keyboard)
Jul 12 00:36:56 server1 login[1460]: pam_unix(login:session): session opened for user jjna by LOGIN(uid=0)
Jul 12 00:36:56 server1 systemd-logind[1383]: New session 1 of user jjna.
Jul 12 00:36:56 server1 systemd: pam_unix(systemd-user:session): session opened for user jjna by (uid=0)
Jul 12 00:37:09 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/sbin/ifconfig
Jul 12 00:37:09 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:37:09 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:37:15 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/bin/apt-get update
Jul 12 00:37:15 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:37:19 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:37:42 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/bin/apt-get install openssh-server
Jul 12 00:37:42 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:38:04 server1 useradd[2952]: new user: name=sshd, UID=110, GID=65534, home=/run/sshd, shell=/usr/sbin/nologin
Jul 12 00:38:05 server1 usermod[2958]: change user 'sshd' password
Jul 12 00:38:05 server1 chage[2963]: changed password expiry for sshd
Jul 12 00:38:06 server1 sshd[3087]: Server listening on 0.0.0.0 port 22.
Jul 12 00:38:06 server1 sshd[3087]: Server listening on :: port 22.
Jul 12 00:38:09 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:41:10 server1 sshd[3182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.107 user=jjna
Jul 12 00:41:12 server1 sshd[3182]: Failed password for jjna from 192.168.0.107 port 62031 ssh2
Jul 12 00:41:23 server1 sshd[3182]: Failed password for jjna from 192.168.0.107 port 62031 ssh2
Jul 12 00:42:40 server1 sshd[3182]: Connection closed by authenticating user jjna 192.168.0.107 port 62031 [preauth]
Jul 12 00:42:40 server1 sshd[3182]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.107 user=jjna
Jul 12 00:43:36 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/sbin/ufw status
Jul 12 00:43:36 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:43:36 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:44:10 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/sbin/ufw disable
Jul 12 00:44:10 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:44:10 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:44:20 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/sbin/ufw status
Jul 12 00:44:20 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:44:20 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:44:35 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/bin/apt-get remove ufw
Jul 12 00:44:35 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:44:42 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:45:37 server1 sshd[3523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.107 user=jjna
Jul 12 00:45:39 server1 sshd[3523]: Failed password for jjna from 192.168.0.107 port 62373 ssh2
Jul 12 00:45:51 server1 sshd[3523]: message repeated 2 times: [ Failed password for jjna from 192.168.0.107 port 62373 ssh2]
Jul 12 00:46:12 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/usr/bin/vi sshd_config
Jul 12 00:46:12 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:48:03 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:48:04 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/usr/bin/vi sshd_config
Jul 12 00:48:04 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:49:49 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:49:55 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/sbin/reboot
Jul 12 00:49:55 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:50:36 server1 systemd-logind[1066]: New seat seat0.
Jul 12 00:50:36 server1 systemd-logind[1066]: Watching system buttons on /dev/input/event2 (Power Button)
Jul 12 00:50:36 server1 systemd-logind[1066]: Watching system buttons on /dev/input/event0 (Lid Switch)
Jul 12 00:50:36 server1 systemd-logind[1066]: Watching system buttons on /dev/input/event1 (Sleep Button)
Jul 12 00:50:36 server1 systemd-logind[1066]: Watching system buttons on /dev/input/event3 (AT Translated Set 2 keyboard)
Jul 12 00:50:40 server1 sshd[1370]: debug3: already daemonized
Jul 12 00:50:40 server1 sshd[1370]: debug3: oom_adjust_setup
Jul 12 00:50:40 server1 sshd[1370]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
Jul 12 00:50:40 server1 sshd[1370]: debug2: fd 3 setting O_NONBLOCK
Jul 12 00:50:40 server1 sshd[1370]: debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
Jul 12 00:50:40 server1 sshd[1370]: debug1: Bind to port 22 on ::.
Jul 12 00:50:40 server1 sshd[1370]: Server listening on :: port 22.
Jul 12 00:50:40 server1 sshd[1370]: debug2: fd 4 setting O_NONBLOCK
Jul 12 00:50:40 server1 sshd[1370]: debug1: Bind to port 22 on 0.0.0.0.
Jul 12 00:50:40 server1 sshd[1370]: Server listening on 0.0.0.0 port 22.
Jul 12 00:51:42 server1 login[1302]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=jjna
Jul 12 00:51:45 server1 login[1302]: FAILED LOGIN (1) on '/dev/tty1' FOR 'jjna', Authentication failure
Jul 12 00:51:53 server1 login[1302]: pam_unix(login:session): session opened for user jjna by LOGIN(uid=0)
Jul 12 00:51:53 server1 systemd-logind[1066]: New session 1 of user jjna.
Jul 12 00:51:53 server1 systemd: pam_unix(systemd-user:session): session opened for user jjna by (uid=0)
Jul 12 00:52:22 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/usr/bin/vi sshd_config
Jul 12 00:52:22 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:54:32 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:54:36 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/sbin/reboot
Jul 12 00:54:36 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:54:36 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:55:16 server1 systemd-logind[1004]: New seat seat0.
Jul 12 00:55:16 server1 systemd-logind[1004]: Watching system buttons on /dev/input/event2 (Power Button)
Jul 12 00:55:16 server1 systemd-logind[1004]: Watching system buttons on /dev/input/event0 (Lid Switch)
Jul 12 00:55:16 server1 systemd-logind[1004]: Watching system buttons on /dev/input/event1 (Sleep Button)
Jul 12 00:55:16 server1 systemd-logind[1004]: Watching system buttons on /dev/input/event3 (AT Translated Set 2 keyboard)
Jul 12 00:55:16 server1 sshd[1166]: debug3: already daemonized
Jul 12 00:55:16 server1 sshd[1166]: debug3: oom_adjust_setup
Jul 12 00:55:16 server1 sshd[1166]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
Jul 12 00:55:16 server1 sshd[1166]: debug2: fd 3 setting O_NONBLOCK
Jul 12 00:55:16 server1 sshd[1166]: debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
Jul 12 00:55:16 server1 sshd[1166]: debug1: Bind to port 22 on ::.
Jul 12 00:55:16 server1 sshd[1166]: Server listening on :: port 22.
Jul 12 00:55:16 server1 sshd[1166]: debug2: fd 4 setting O_NONBLOCK
Jul 12 00:55:16 server1 sshd[1166]: debug1: Bind to port 22 on 0.0.0.0.
Jul 12 00:55:16 server1 sshd[1166]: Server listening on 0.0.0.0 port 22.
Jul 12 00:56:27 server1 login[1173]: pam_unix(login:session): session opened for user jjna by LOGIN(uid=0)
Jul 12 00:56:27 server1 systemd-logind[1004]: New session 1 of user jjna.
Jul 12 00:56:27 server1 systemd: pam_unix(systemd-user:session): session opened for user jjna by (uid=0)
Jul 12 00:56:48 server1 sshd[1166]: debug3: fd 5 is not O_NONBLOCK
Jul 12 00:56:48 server1 sshd[1166]: debug1: Forked child 1553.
Jul 12 00:56:48 server1 sshd[1166]: debug3: send_rexec_state: entering fd = 8 config len 356
Jul 12 00:56:48 server1 sshd[1166]: debug3: ssh_msg_send: type 0
Jul 12 00:56:48 server1 sshd[1166]: debug3: send_rexec_state: done
Jul 12 00:56:48 server1 sshd[1553]: debug3: oom_adjust_restore
Jul 12 00:56:48 server1 sshd[1553]: debug1: Set /proc/self/oom_score_adj to 0
Jul 12 00:56:48 server1 sshd[1553]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jul 12 00:56:48 server1 sshd[1553]: debug1: inetd sockets after dupping: 3, 3
Jul 12 00:56:48 server1 sshd[1553]: Connection from 192.168.0.107 port 62977 on 192.168.0.105 port 22
Jul 12 00:56:48 server1 sshd[1553]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.71
Jul 12 00:56:48 server1 sshd[1553]: debug1: no match: PuTTY_Release_0.71
Jul 12 00:56:48 server1 sshd[1553]: debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Jul 12 00:56:48 server1 sshd[1553]: debug2: fd 3 setting O_NONBLOCK
Jul 12 00:56:48 server1 sshd[1553]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Jul 12 00:56:48 server1 sshd[1553]: debug2: Network child is on pid 1559
Jul 12 00:56:48 server1 sshd[1553]: debug3: preauth child monitor started
Jul 12 00:56:48 server1 sshd[1553]: debug3: privsep user:group 110:65534 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: permanently_set_uid: 110/65534 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: send packet: type 20 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: receive packet: type 20 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: SSH2_MSG_KEXINIT received [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: local server KEXINIT proposal [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: compression ctos: none,zlib@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: compression stoc: none,zlib@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: languages ctos: [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: languages stoc: [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: first_kex_follows 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: reserved 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: peer client KEXINIT proposal [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: ciphers ctos: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305@openssh.com,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: ciphers stoc: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305@openssh.com,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: compression ctos: none,zlib,zlib@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: compression stoc: none,zlib,zlib@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: languages ctos: [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: languages stoc: [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: first_kex_follows 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: reserved 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: receive packet: type 30 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_key_sign entering [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_send entering: type 6 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_receive entering [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:48 server1 sshd[1553]: debug3: monitor_read: checking request 6
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_answer_sign
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_answer_sign: hostkey proof signature 0x5619332a8c70(83)
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_send entering: type 7
Jul 12 00:56:48 server1 sshd[1553]: debug2: monitor_read: 6 used once, disabling now
Jul 12 00:56:48 server1 sshd[1553]: debug3: send packet: type 31 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: send packet: type 21 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: set_newkeys: mode 1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: rekey after 4294967296 blocks [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: receive packet: type 21 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: set_newkeys: mode 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: rekey after 4294967296 blocks [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: KEX done [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: receive packet: type 5 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: send packet: type 6 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: receive packet: type 50 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug1: userauth-request for user jjna service ssh-connection method none [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug1: attempt 0 failures 0 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_getpwnamallow entering [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_send entering: type 8 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive_expect entering: type 9 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive entering [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:53 server1 sshd[1553]: debug3: monitor_read: checking request 8
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_answer_pwnamallow
Jul 12 00:56:53 server1 sshd[1553]: debug2: parse_server_config: config reprocess config len 356
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_send entering: type 9
Jul 12 00:56:53 server1 sshd[1553]: debug2: monitor_read: 8 used once, disabling now
Jul 12 00:56:53 server1 sshd[1553]: debug2: input_userauth_request: setting up authctxt for jjna [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_start_pam entering [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_send entering: type 100 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_inform_authserv entering [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_send entering: type 4 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug2: input_userauth_request: try method none [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: send packet: type 51 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:53 server1 sshd[1553]: debug3: monitor_read: checking request 100
Jul 12 00:56:53 server1 sshd[1553]: debug1: PAM: initializing for "jjna"
Jul 12 00:56:53 server1 sshd[1553]: debug1: PAM: setting PAM_RHOST to "192.168.0.107"
Jul 12 00:56:53 server1 sshd[1553]: debug1: PAM: setting PAM_TTY to "ssh"
Jul 12 00:56:53 server1 sshd[1553]: debug2: monitor_read: 100 used once, disabling now
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:53 server1 sshd[1553]: debug3: monitor_read: checking request 4
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_answer_authserv: service=ssh-connection, style=, role=
Jul 12 00:56:53 server1 sshd[1553]: debug2: monitor_read: 4 used once, disabling now
Jul 12 00:56:58 server1 sshd[1553]: debug3: receive packet: type 2 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: Received SSH2_MSG_IGNORE [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: receive packet: type 50 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug1: userauth-request for user jjna service ssh-connection method password [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug1: attempt 1 failures 0 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug2: input_userauth_request: try method password [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_auth_password entering [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_request_send entering: type 12 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_request_receive_expect entering: type 13 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_request_receive entering [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:58 server1 sshd[1553]: debug3: monitor_read: checking request 12
Jul 12 00:56:58 server1 sshd[1553]: debug3: PAM: sshpam_passwd_conv called with 1 messages
Jul 12 00:56:58 server1 sshd[1553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.107 user=jjna
Jul 12 00:57:00 server1 sshd[1553]: debug1: PAM: password authentication failed for jjna: Authentication failure
Jul 12 00:57:00 server1 sshd[1553]: debug3: mm_answer_authpassword: sending result 0
Jul 12 00:57:00 server1 sshd[1553]: debug3: mm_request_send entering: type 13
Jul 12 00:57:00 server1 sshd[1553]: Failed password for jjna from 192.168.0.107 port 62977 ssh2
Jul 12 00:57:00 server1 sshd[1553]: debug3: mm_auth_password: user not authenticated [preauth]
Jul 12 00:57:00 server1 sshd[1553]: debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
Jul 12 00:57:00 server1 sshd[1553]: debug3: send packet: type 51 [preauth]
Jul 12 00:57:34 server1 sshd[1553]: Connection closed by authenticating user jjna 192.168.0.107 port 62977 [preauth]
Jul 12 00:57:34 server1 sshd[1553]: debug1: do_cleanup [preauth]
Jul 12 00:57:34 server1 sshd[1553]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Jul 12 00:57:34 server1 sshd[1553]: debug1: monitor_read_log: child log fd closed
Jul 12 00:57:34 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:57:34 server1 sshd[1553]: debug1: do_cleanup
Jul 12 00:57:34 server1 sshd[1553]: debug1: PAM: cleanup
Jul 12 00:57:34 server1 sshd[1553]: debug3: PAM: sshpam_thread_cleanup entering
Jul 12 00:57:34 server1 sshd[1553]: debug1: Killing privsep child 1559
Jul 12 00:57:34 server1 sshd[1553]: debug1: audit_event: unhandled event 12
Jul 12 01:01:30 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/vi auth.log
Jul 12 01:01:30 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:02:09 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:02:36 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/fdisk -l
Jul 12 01:02:36 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:02:36 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:05:20 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/fdisk -l
Jul 12 01:05:20 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:05:20 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:05:50 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/bin/mount /dev/sdb /tmp
Jul 12 01:05:50 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:05:50 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:08:40 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/bin/umount /dev/sdb
Jul 12 01:08:40 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:08:40 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:09:06 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/mkfs.ntfs /dev/sdb
Jul 12 01:09:06 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:09:06 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:09:41 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/mkfs.ntfs /dev/sdb1
Jul 12 01:09:41 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:10:33 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:10:35 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/mkfs.ntfs /dev/sdb1
Jul 12 01:10:35 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:10:35 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:12:28 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/fdisk -l
Jul 12 01:12:28 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:12:28 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:12:35 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/mkfs.ntfs /dev/sdb1
Jul 12 01:12:35 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:17:01 server1 CRON[1777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 12 01:17:01 server1 CRON[1777]: pam_unix(cron:session): session closed for user root
Jul 12 01:37:46 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:52:02 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/bin/mount /dev/sbd1 /tmp
Jul 12 01:52:02 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:52:02 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:52:58 server1 sudo: jjna : TTY=tty1 ; PWD=/ ; USER=root ; COMMAND=/bin/mount /dev/sdb1 /tmp
Jul 12 01:52:58 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:52:59 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:53:26 server1 sudo: jjna : TTY=tty1 ; PWD=/ ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Jul 12 01:53:26 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
日志如下:
Jul 12 00:36:16 server1 useradd[1162]: new group: name=jjna, GID=1000
Jul 12 00:36:16 server1 useradd[1162]: new user: name=jjna, UID=1000, GID=1000, home=/home/jjna, shell=/bin/bash
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'adm'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'cdrom'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'sudo'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'dip'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'plugdev'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to group 'lxd'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'adm'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'cdrom'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'sudo'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'dip'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'plugdev'
Jul 12 00:36:16 server1 useradd[1162]: add 'jjna' to shadow group 'lxd'
Jul 12 00:36:16 server1 systemd-logind[1383]: New seat seat0.
Jul 12 00:36:16 server1 systemd-logind[1383]: Watching system buttons on /dev/input/event2 (Power Button)
Jul 12 00:36:16 server1 systemd-logind[1383]: Watching system buttons on /dev/input/event0 (Lid Switch)
Jul 12 00:36:16 server1 systemd-logind[1383]: Watching system buttons on /dev/input/event1 (Sleep Button)
Jul 12 00:36:16 server1 systemd-logind[1383]: Watching system buttons on /dev/input/event3 (AT Translated Set 2 keyboard)
Jul 12 00:36:56 server1 login[1460]: pam_unix(login:session): session opened for user jjna by LOGIN(uid=0)
Jul 12 00:36:56 server1 systemd-logind[1383]: New session 1 of user jjna.
Jul 12 00:36:56 server1 systemd: pam_unix(systemd-user:session): session opened for user jjna by (uid=0)
Jul 12 00:37:09 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/sbin/ifconfig
Jul 12 00:37:09 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:37:09 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:37:15 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/bin/apt-get update
Jul 12 00:37:15 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:37:19 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:37:42 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/bin/apt-get install openssh-server
Jul 12 00:37:42 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:38:04 server1 useradd[2952]: new user: name=sshd, UID=110, GID=65534, home=/run/sshd, shell=/usr/sbin/nologin
Jul 12 00:38:05 server1 usermod[2958]: change user 'sshd' password
Jul 12 00:38:05 server1 chage[2963]: changed password expiry for sshd
Jul 12 00:38:06 server1 sshd[3087]: Server listening on 0.0.0.0 port 22.
Jul 12 00:38:06 server1 sshd[3087]: Server listening on :: port 22.
Jul 12 00:38:09 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:41:10 server1 sshd[3182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.107 user=jjna
Jul 12 00:41:12 server1 sshd[3182]: Failed password for jjna from 192.168.0.107 port 62031 ssh2
Jul 12 00:41:23 server1 sshd[3182]: Failed password for jjna from 192.168.0.107 port 62031 ssh2
Jul 12 00:42:40 server1 sshd[3182]: Connection closed by authenticating user jjna 192.168.0.107 port 62031 [preauth]
Jul 12 00:42:40 server1 sshd[3182]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.107 user=jjna
Jul 12 00:43:36 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/sbin/ufw status
Jul 12 00:43:36 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:43:36 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:44:10 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/sbin/ufw disable
Jul 12 00:44:10 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:44:10 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:44:20 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/sbin/ufw status
Jul 12 00:44:20 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:44:20 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:44:35 server1 sudo: jjna : TTY=tty1 ; PWD=/home/jjna ; USER=root ; COMMAND=/usr/bin/apt-get remove ufw
Jul 12 00:44:35 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:44:42 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:45:37 server1 sshd[3523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.107 user=jjna
Jul 12 00:45:39 server1 sshd[3523]: Failed password for jjna from 192.168.0.107 port 62373 ssh2
Jul 12 00:45:51 server1 sshd[3523]: message repeated 2 times: [ Failed password for jjna from 192.168.0.107 port 62373 ssh2]
Jul 12 00:46:12 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/usr/bin/vi sshd_config
Jul 12 00:46:12 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:48:03 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:48:04 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/usr/bin/vi sshd_config
Jul 12 00:48:04 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:49:49 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:49:55 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/sbin/reboot
Jul 12 00:49:55 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:50:36 server1 systemd-logind[1066]: New seat seat0.
Jul 12 00:50:36 server1 systemd-logind[1066]: Watching system buttons on /dev/input/event2 (Power Button)
Jul 12 00:50:36 server1 systemd-logind[1066]: Watching system buttons on /dev/input/event0 (Lid Switch)
Jul 12 00:50:36 server1 systemd-logind[1066]: Watching system buttons on /dev/input/event1 (Sleep Button)
Jul 12 00:50:36 server1 systemd-logind[1066]: Watching system buttons on /dev/input/event3 (AT Translated Set 2 keyboard)
Jul 12 00:50:40 server1 sshd[1370]: debug3: already daemonized
Jul 12 00:50:40 server1 sshd[1370]: debug3: oom_adjust_setup
Jul 12 00:50:40 server1 sshd[1370]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
Jul 12 00:50:40 server1 sshd[1370]: debug2: fd 3 setting O_NONBLOCK
Jul 12 00:50:40 server1 sshd[1370]: debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
Jul 12 00:50:40 server1 sshd[1370]: debug1: Bind to port 22 on ::.
Jul 12 00:50:40 server1 sshd[1370]: Server listening on :: port 22.
Jul 12 00:50:40 server1 sshd[1370]: debug2: fd 4 setting O_NONBLOCK
Jul 12 00:50:40 server1 sshd[1370]: debug1: Bind to port 22 on 0.0.0.0.
Jul 12 00:50:40 server1 sshd[1370]: Server listening on 0.0.0.0 port 22.
Jul 12 00:51:42 server1 login[1302]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=jjna
Jul 12 00:51:45 server1 login[1302]: FAILED LOGIN (1) on '/dev/tty1' FOR 'jjna', Authentication failure
Jul 12 00:51:53 server1 login[1302]: pam_unix(login:session): session opened for user jjna by LOGIN(uid=0)
Jul 12 00:51:53 server1 systemd-logind[1066]: New session 1 of user jjna.
Jul 12 00:51:53 server1 systemd: pam_unix(systemd-user:session): session opened for user jjna by (uid=0)
Jul 12 00:52:22 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/usr/bin/vi sshd_config
Jul 12 00:52:22 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:54:32 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:54:36 server1 sudo: jjna : TTY=tty1 ; PWD=/etc/ssh ; USER=root ; COMMAND=/sbin/reboot
Jul 12 00:54:36 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 00:54:36 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 00:55:16 server1 systemd-logind[1004]: New seat seat0.
Jul 12 00:55:16 server1 systemd-logind[1004]: Watching system buttons on /dev/input/event2 (Power Button)
Jul 12 00:55:16 server1 systemd-logind[1004]: Watching system buttons on /dev/input/event0 (Lid Switch)
Jul 12 00:55:16 server1 systemd-logind[1004]: Watching system buttons on /dev/input/event1 (Sleep Button)
Jul 12 00:55:16 server1 systemd-logind[1004]: Watching system buttons on /dev/input/event3 (AT Translated Set 2 keyboard)
Jul 12 00:55:16 server1 sshd[1166]: debug3: already daemonized
Jul 12 00:55:16 server1 sshd[1166]: debug3: oom_adjust_setup
Jul 12 00:55:16 server1 sshd[1166]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
Jul 12 00:55:16 server1 sshd[1166]: debug2: fd 3 setting O_NONBLOCK
Jul 12 00:55:16 server1 sshd[1166]: debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
Jul 12 00:55:16 server1 sshd[1166]: debug1: Bind to port 22 on ::.
Jul 12 00:55:16 server1 sshd[1166]: Server listening on :: port 22.
Jul 12 00:55:16 server1 sshd[1166]: debug2: fd 4 setting O_NONBLOCK
Jul 12 00:55:16 server1 sshd[1166]: debug1: Bind to port 22 on 0.0.0.0.
Jul 12 00:55:16 server1 sshd[1166]: Server listening on 0.0.0.0 port 22.
Jul 12 00:56:27 server1 login[1173]: pam_unix(login:session): session opened for user jjna by LOGIN(uid=0)
Jul 12 00:56:27 server1 systemd-logind[1004]: New session 1 of user jjna.
Jul 12 00:56:27 server1 systemd: pam_unix(systemd-user:session): session opened for user jjna by (uid=0)
Jul 12 00:56:48 server1 sshd[1166]: debug3: fd 5 is not O_NONBLOCK
Jul 12 00:56:48 server1 sshd[1166]: debug1: Forked child 1553.
Jul 12 00:56:48 server1 sshd[1166]: debug3: send_rexec_state: entering fd = 8 config len 356
Jul 12 00:56:48 server1 sshd[1166]: debug3: ssh_msg_send: type 0
Jul 12 00:56:48 server1 sshd[1166]: debug3: send_rexec_state: done
Jul 12 00:56:48 server1 sshd[1553]: debug3: oom_adjust_restore
Jul 12 00:56:48 server1 sshd[1553]: debug1: Set /proc/self/oom_score_adj to 0
Jul 12 00:56:48 server1 sshd[1553]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jul 12 00:56:48 server1 sshd[1553]: debug1: inetd sockets after dupping: 3, 3
Jul 12 00:56:48 server1 sshd[1553]: Connection from 192.168.0.107 port 62977 on 192.168.0.105 port 22
Jul 12 00:56:48 server1 sshd[1553]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.71
Jul 12 00:56:48 server1 sshd[1553]: debug1: no match: PuTTY_Release_0.71
Jul 12 00:56:48 server1 sshd[1553]: debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Jul 12 00:56:48 server1 sshd[1553]: debug2: fd 3 setting O_NONBLOCK
Jul 12 00:56:48 server1 sshd[1553]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Jul 12 00:56:48 server1 sshd[1553]: debug2: Network child is on pid 1559
Jul 12 00:56:48 server1 sshd[1553]: debug3: preauth child monitor started
Jul 12 00:56:48 server1 sshd[1553]: debug3: privsep user:group 110:65534 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: permanently_set_uid: 110/65534 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: send packet: type 20 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: receive packet: type 20 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: SSH2_MSG_KEXINIT received [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: local server KEXINIT proposal [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: compression ctos: none,zlib@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: compression stoc: none,zlib@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: languages ctos: [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: languages stoc: [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: first_kex_follows 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: reserved 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: peer client KEXINIT proposal [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: ciphers ctos: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305@openssh.com,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: ciphers stoc: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305@openssh.com,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: compression ctos: none,zlib,zlib@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: compression stoc: none,zlib,zlib@openssh.com [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: languages ctos: [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: languages stoc: [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: first_kex_follows 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: reserved 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: receive packet: type 30 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_key_sign entering [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_send entering: type 6 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_receive entering [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:48 server1 sshd[1553]: debug3: monitor_read: checking request 6
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_answer_sign
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_answer_sign: hostkey proof signature 0x5619332a8c70(83)
Jul 12 00:56:48 server1 sshd[1553]: debug3: mm_request_send entering: type 7
Jul 12 00:56:48 server1 sshd[1553]: debug2: monitor_read: 6 used once, disabling now
Jul 12 00:56:48 server1 sshd[1553]: debug3: send packet: type 31 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: send packet: type 21 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: set_newkeys: mode 1 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: rekey after 4294967296 blocks [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: receive packet: type 21 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug2: set_newkeys: mode 0 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: rekey after 4294967296 blocks [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug1: KEX done [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: receive packet: type 5 [preauth]
Jul 12 00:56:48 server1 sshd[1553]: debug3: send packet: type 6 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: receive packet: type 50 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug1: userauth-request for user jjna service ssh-connection method none [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug1: attempt 0 failures 0 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_getpwnamallow entering [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_send entering: type 8 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive_expect entering: type 9 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive entering [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:53 server1 sshd[1553]: debug3: monitor_read: checking request 8
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_answer_pwnamallow
Jul 12 00:56:53 server1 sshd[1553]: debug2: parse_server_config: config reprocess config len 356
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_send entering: type 9
Jul 12 00:56:53 server1 sshd[1553]: debug2: monitor_read: 8 used once, disabling now
Jul 12 00:56:53 server1 sshd[1553]: debug2: input_userauth_request: setting up authctxt for jjna [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_start_pam entering [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_send entering: type 100 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_inform_authserv entering [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_send entering: type 4 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug2: input_userauth_request: try method none [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: send packet: type 51 [preauth]
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:53 server1 sshd[1553]: debug3: monitor_read: checking request 100
Jul 12 00:56:53 server1 sshd[1553]: debug1: PAM: initializing for "jjna"
Jul 12 00:56:53 server1 sshd[1553]: debug1: PAM: setting PAM_RHOST to "192.168.0.107"
Jul 12 00:56:53 server1 sshd[1553]: debug1: PAM: setting PAM_TTY to "ssh"
Jul 12 00:56:53 server1 sshd[1553]: debug2: monitor_read: 100 used once, disabling now
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:53 server1 sshd[1553]: debug3: monitor_read: checking request 4
Jul 12 00:56:53 server1 sshd[1553]: debug3: mm_answer_authserv: service=ssh-connection, style=, role=
Jul 12 00:56:53 server1 sshd[1553]: debug2: monitor_read: 4 used once, disabling now
Jul 12 00:56:58 server1 sshd[1553]: debug3: receive packet: type 2 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: Received SSH2_MSG_IGNORE [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: receive packet: type 50 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug1: userauth-request for user jjna service ssh-connection method password [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug1: attempt 1 failures 0 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug2: input_userauth_request: try method password [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_auth_password entering [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_request_send entering: type 12 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_request_receive_expect entering: type 13 [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_request_receive entering [preauth]
Jul 12 00:56:58 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:56:58 server1 sshd[1553]: debug3: monitor_read: checking request 12
Jul 12 00:56:58 server1 sshd[1553]: debug3: PAM: sshpam_passwd_conv called with 1 messages
Jul 12 00:56:58 server1 sshd[1553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.107 user=jjna
Jul 12 00:57:00 server1 sshd[1553]: debug1: PAM: password authentication failed for jjna: Authentication failure
Jul 12 00:57:00 server1 sshd[1553]: debug3: mm_answer_authpassword: sending result 0
Jul 12 00:57:00 server1 sshd[1553]: debug3: mm_request_send entering: type 13
Jul 12 00:57:00 server1 sshd[1553]: Failed password for jjna from 192.168.0.107 port 62977 ssh2
Jul 12 00:57:00 server1 sshd[1553]: debug3: mm_auth_password: user not authenticated [preauth]
Jul 12 00:57:00 server1 sshd[1553]: debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
Jul 12 00:57:00 server1 sshd[1553]: debug3: send packet: type 51 [preauth]
Jul 12 00:57:34 server1 sshd[1553]: Connection closed by authenticating user jjna 192.168.0.107 port 62977 [preauth]
Jul 12 00:57:34 server1 sshd[1553]: debug1: do_cleanup [preauth]
Jul 12 00:57:34 server1 sshd[1553]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Jul 12 00:57:34 server1 sshd[1553]: debug1: monitor_read_log: child log fd closed
Jul 12 00:57:34 server1 sshd[1553]: debug3: mm_request_receive entering
Jul 12 00:57:34 server1 sshd[1553]: debug1: do_cleanup
Jul 12 00:57:34 server1 sshd[1553]: debug1: PAM: cleanup
Jul 12 00:57:34 server1 sshd[1553]: debug3: PAM: sshpam_thread_cleanup entering
Jul 12 00:57:34 server1 sshd[1553]: debug1: Killing privsep child 1559
Jul 12 00:57:34 server1 sshd[1553]: debug1: audit_event: unhandled event 12
Jul 12 01:01:30 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/vi auth.log
Jul 12 01:01:30 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:02:09 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:02:36 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/fdisk -l
Jul 12 01:02:36 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:02:36 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:05:20 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/fdisk -l
Jul 12 01:05:20 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:05:20 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:05:50 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/bin/mount /dev/sdb /tmp
Jul 12 01:05:50 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:05:50 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:08:40 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/bin/umount /dev/sdb
Jul 12 01:08:40 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:08:40 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:09:06 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/mkfs.ntfs /dev/sdb
Jul 12 01:09:06 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:09:06 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:09:41 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/mkfs.ntfs /dev/sdb1
Jul 12 01:09:41 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:10:33 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:10:35 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/mkfs.ntfs /dev/sdb1
Jul 12 01:10:35 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:10:35 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:12:28 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/fdisk -l
Jul 12 01:12:28 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:12:28 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:12:35 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/sbin/mkfs.ntfs /dev/sdb1
Jul 12 01:12:35 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:17:01 server1 CRON[1777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 12 01:17:01 server1 CRON[1777]: pam_unix(cron:session): session closed for user root
Jul 12 01:37:46 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:52:02 server1 sudo: jjna : TTY=tty1 ; PWD=/var/log ; USER=root ; COMMAND=/bin/mount /dev/sbd1 /tmp
Jul 12 01:52:02 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:52:02 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:52:58 server1 sudo: jjna : TTY=tty1 ; PWD=/ ; USER=root ; COMMAND=/bin/mount /dev/sdb1 /tmp
Jul 12 01:52:58 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
Jul 12 01:52:59 server1 sudo: pam_unix(sudo:session): session closed for user root
Jul 12 01:53:26 server1 sudo: jjna : TTY=tty1 ; PWD=/ ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Jul 12 01:53:26 server1 sudo: pam_unix(sudo:session): session opened for user root by jjna(uid=0)
-
hpandsun
- 帖子: 13
- 注册时间: 2019-07-06 16:29
- 系统: win7
Re: SSH服务器拒绝了密码
兄弟们,我的QQ是923056289,能否与我联系,我愿意付款,请求支持