journalctl -f

I had port 22/tcp traffic from outside to my router and to my main Linux machine. This means that I could ssh into my machine from outside. I’ve had it open for a while.

Just out of curiosity, I ran the following command.

sudo journalctl -f -e

The -f option means “Show only the most recent journal entries, and continuously print new entries as they are appended to the journal.” The -e option jumps to the end of the journal inside the pager.

So with these options, I can continuously monitor what’s going on with the daemons. I saw a bunch of logs like the following.

Nov 18 21:00:38 linux-mint sshd[17600]: Failed password for root from 222.186.173.154 port 60182 ssh2

This looks totally suspicious. Who is trying to log on to my machine as root? You can see the IP address, and I decided to check it on abuseipdb.com. Sure enough, this IP address was reported many times. With this kind of data, I immediately closed port 22. It’s probably a zombie PC that keeps scanning IP addresses all over the world looking for open ports to attack. This is really annoying because I can’t open ports for ssh and/or RDP. I mean I can, but it’s much more risky than using a solution like a VPN.

If you have port 22 open to one of your machines, it’s pretty interesting to see how many machines from outside are trying to get root access to your machine. That’s why it’s very important to have a complex password even if it’s for your personal use.
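
Counting the failures per source address gives a quicker picture than watching the stream scroll by. The following is an added example, not part of the original post: the function names and the sample log lines (with documentation-range addresses) are constructed for illustration.

```shell
# Added example (not from the original post). Summarise sshd "Failed password"
# journal lines per source address. Typical use on a live system:
#   sudo journalctl -t sshd --since today --no-pager | failed_ssh_summary 5

# Reads journal text on stdin and prints "<count> <ip> <usernames>" for every
# source with at least $1 failures (default 1), busiest source first.
failed_ssh_summary() {
  awk -v min="${1:-1}" '
    NF >= 10 && / sshd\[[0-9]+\]: Failed password for / {
      # The message ends "... from <ip> port <port> ssh2". Index from the end
      # of the line so an unusual username cannot shift the address field.
      if ($(NF-4) != "from" || $(NF-2) != "port") next
      ip = $(NF-3); user = $(NF-5)
      count[ip]++
      if (!seen[ip, user]++)
        users[ip] = users[ip] (users[ip] != "" ? "," : "") user
    }
    END {
      for (ip in count)
        if (count[ip] >= min) print count[ip], ip, users[ip]
    }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input; addresses are from the documentation ranges.
sample_journal() {
  cat <<'EOF'
Nov 18 21:00:38 linux-mint sshd[17600]: Failed password for root from 192.0.2.10 port 60182 ssh2
Nov 18 21:00:41 linux-mint sshd[17600]: Failed password for root from 192.0.2.10 port 60182 ssh2
Nov 18 21:00:45 linux-mint sshd[17602]: Failed password for invalid user admin from 192.0.2.10 port 60190 ssh2
Nov 18 21:01:02 linux-mint sshd[17610]: Failed password for invalid user pi from 198.51.100.7 port 41022 ssh2
Nov 18 21:01:30 linux-mint sshd[17615]: Accepted password for alice from 203.0.113.5 port 50514 ssh2
Nov 18 21:01:31 linux-mint sudo[17620]: pam_unix(sudo:auth): authentication failure; user=alice
EOF
}

sample_journal | failed_ssh_summary
```

The optional argument is a minimum failure count, so `failed_ssh_summary 5` lists only sources with five or more failed attempts.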

Author: admin

A software engineer in greater Seattle area
