ssh newbie question: I only know the very basics of ssh (and next to nothing useful of Linux security). When I access a remote openSUSE machine using a private key previously exchanged, as opposed to a basic password (note: the remote PC has a very 'standard' configuration and its firewall is activated), I usually check the system log in YaST and apply a filter 'ssh' starting from my previous date of access. On this occasion I see something alien in the log. It appears to be just a failed attempt at unauthorized access. There are two entries from two separate dates. Example: kernel │SFW2-INext-ACC-TCP IN=eth0 OUT= MAC={big-long-mac-address} SRC=5.8.18.70 DST=192.168.1.64 LEN=52 TOS=0x02 sshd[4243] |Bad protocol version identification '\003' from 5.8.18.70 port 526 I did a search for this IP address and see this page: https://www.abuseipdb.com/check/5.8.18.70 which has several recent abuse reports. Without getting into complex nerdy affairs, what should my next simple step be? I assume I should only be concerned if I see a line suggesting a new ssh session was opened by somebody other than me? Or is there anything else I should keep a lookout for in future? gumb -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org