On Friday, 2018-01-05 at 22:47 +0100, gumb wrote:
On 05/01/18 22:03, Carlos E. R. wrote:
On Friday, 2018-01-05 at 18:50 +0100, gumb wrote:
...
You can do this from the terminal without YaST. For instance:
journalctl | grep -i ssh | less
If you want to do this as user, not root, add your user to the group "systemd-journal" using YaST, users and groups management module, and log in again.
It's probably worth making a note of. I use YaST simply because the main reason I ssh to that machine is to do updates and run the Software Management module. I started on SuSE before zypper was a thing so old habits die hard, YaST is just where I go to get things done.
Same here, I use YaST. But I do not do updates remotely, just for the chance of the remote machine failing and not responding. ...
There are other methods; what I described is for hardware under your full control, usually at home.
Yep, the port number was something I configured at the beginning to be non-standard, so hopefully this scan was just a lucky hit.
In that case, I would be a bit more worried.
However, I've just thought of something. It's well over a year since I first got ssh set up and in that time nothing's ever shown up in the logs. I was at the other location just a week or so ago, and on the 26th December attempted to configure ssh in the reverse direction to my main machine left switched on at home. I simply generated the ssh key then attempted the ssh-copy-id command, but it would hang and eventually produce an error message that I've forgotten. Just an inaccessible machine or whatever. I don't know why and haven't looked into it enough. Both machines run openSUSE 42.3 and have been configured for ssh identically so far as I'm aware, and I saw nothing obvious in my main machine's logs when I returned home to suggest even any attempt at an ssh connection.
For ssh-copy-id to work you need to be able to log in on the other machine. If that machine does not allow password connection, as the keys are not there already, the program will fail. I think.
But it was just two days later that the first of these two failed access attempts from a Cypriot server shows up in the remote machine's logs. Which is just a bit too coincidental for comfort. Is there any way that a ssh-copy-id command can be intercepted enough so as to trace the sender's port number?
The ssh-copy-id program uses ssh for the transfer. It is a script, you can look up what it does. What goes inside is safe; however, it can be seen by a sniffer to what IP and port it connects, because that has to be in the standard packet info...

--
Cheers, Carlos E. R. (from openSUSE 42.2 x86_64 "Malachite" at Telcontar)
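Added example, not part of the original message: a narrower version of the `journalctl | grep -i ssh` check from the thread, counting failed sshd logins per source address. The function names and the log lines are constructed for illustration, and the message formats assumed are OpenSSH's usual "Failed password for ..." and "Invalid user ..." lines.

```shell
#!/bin/sh
# Reads journal text on stdin and prints one line per source address with
# the number of "Failed password" and "Invalid user" messages from sshd.
# The address is located by scanning each line from the END for
# "from ADDR port N": the user name comes from the client, so it can itself
# contain the words "from" and "port" and mislead a left-to-right match.
ssh_failures_by_source() {
    awk '
        /sshd\[[0-9]+\]: (Failed password for|Invalid user) / {
            kind = ($0 ~ /\]: Failed password for /) ? "failed" : "invalid"
            for (i = NF; i >= 4; i--) {
                if ($i ~ /^[0-9]+$/ && $(i - 1) == "port" && $(i - 3) == "from") {
                    addr = $(i - 2)
                    seen[addr] = 1
                    n[addr, kind]++
                    break
                }
            }
        }
        END {
            for (addr in seen)
                printf "%s failed_password=%d invalid_user=%d\n",
                       addr, n[addr, "failed"], n[addr, "invalid"]
        }
    ' | sort
}

# Constructed sample lines (documentation addresses, made-up host and users).
# The last line carries a user name crafted to look like a source address.
sample_journal() {
    cat <<'EOF'
Dec 28 03:14:07 host sshd[2211]: Invalid user admin from 203.0.113.7 port 40022
Dec 28 03:14:09 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Dec 30 11:02:41 host sshd[2954]: Failed password for root from 203.0.113.7 port 40100 ssh2
Dec 30 18:20:00 host sshd[3100]: Accepted publickey for alice from 198.51.100.4 port 50000 ssh2
Dec 31 01:45:12 host sshd[3377]: Invalid user a from 192.0.2.1 port 1 from 198.51.100.9 port 40500
EOF
}

# On a real machine: journalctl | ssh_failures_by_source
sample_journal | ssh_failures_by_source
```

The port printed in these messages is the client's source port, not the port sshd listens on, so it says nothing about how the non-standard listening port was found.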