    KVM host: Failed login attempts

    • FATeknollogee
      FATeknollogee last edited by

      I have this KVM host that is behind a firewall.
      Today I go to log in (via VPN) & I see this message:

      [Screenshot from 2017-12-20 08-14-20.png]

      1. Should I be worried?
      2. What's best practice?
      1 Reply Last reply Reply Quote 0
      • coliver
        coliver last edited by

        Is Fail2Ban best practice for a hypervisor?

        travisdh1 1 Reply Last reply Reply Quote 2
        • travisdh1
          travisdh1 @coliver last edited by

          @coliver said in KVM host: Failed login attempts:

          Is Fail2Ban best practice for a hypervisor?

          Fail2ban all the things.

          Should probably have chkrootkit or rkhunter running as well.

          1 Reply Last reply Reply Quote 0
          • Dashrender
            Dashrender last edited by

            If that host is not accessible without VPN, who is making bad attempts on your KVM server from inside your network? Do you have a scanning server (like Spiceworks?) trying to log on and scan?

            1 Reply Last reply Reply Quote 2
            • FATeknollogee
              FATeknollogee last edited by

              My bad, my bad....
              Last week I was doing some testing & I set a port forward on port 22 to this host.
              Ooops, I forgot to remove the rule.

              Dashrender travisdh1 Obsolesce 3 Replies Last reply Reply Quote 1
              • Dashrender
                Dashrender @FATeknollogee last edited by

                @fateknollogee said in KVM host: Failed login attempts:

                My bad, my bad....
                Last week I was doing some testing & I set a port forward on port 22 to this host.
                Ooops, I forgot to remove the rule.

                Awww.. that makes sense.

                1 Reply Last reply Reply Quote 0
                • travisdh1
                  travisdh1 @FATeknollogee last edited by

                  @fateknollogee said in KVM host: Failed login attempts:

                  My bad, my bad....
                  Last week I was doing some testing & I set a port forward on port 22 to this host.
                  Ooops, I forgot to remove the rule.

                  I'll tell you to have fail2ban and either chkrootkit or rkhunter running anyway. Multiple levels of security should make for happier times all around.

                  1 Reply Last reply Reply Quote 0
                  • Obsolesce
                    Obsolesce @FATeknollogee last edited by Obsolesce

                    @fateknollogee said in KVM host: Failed login attempts:

                    My bad, my bad....
                    Last week I was doing some testing & I set a port forward on port 22 to this host.
                    Ooops, I forgot to remove the rule.

                    This is why I only allow RSA key-based authentication. No root login, no password login. Disable all other methods.

                    1 Reply Last reply Reply Quote 3
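One way to verify the key-only policy described in the post above, as an added example that is not part of the original thread: the function reads the effective settings that `sshd -T` prints and reports any that still allow root, password or keyboard-interactive logins. The function names, the policy table and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check effective sshd settings against a key-only policy.
# Input: "keyword value" lines in the format printed by `sshd -T`.
audit_sshd() {
    awk '
    BEGIN {
        # Policy assumed from the post: keys only, no root, no passwords.
        want["permitrootlogin"]              = "no"
        want["passwordauthentication"]       = "no"
        want["kbdinteractiveauthentication"] = "no"
        want["hostbasedauthentication"]      = "no"
        want["pubkeyauthentication"]         = "yes"
    }
    {
        key = tolower($1); val = tolower($2)
        # Older OpenSSH releases print the legacy keyword name.
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"
        if (key in want) seen[key] = val
    }
    END {
        bad = 0
        for (k in want) {
            if (!(k in seen)) {
                printf "MISSING %s (want %s)\n", k, want[k]; bad++
            } else if (seen[k] != want[k]) {
                printf "FAIL %s=%s (want %s)\n", k, seen[k], want[k]; bad++
            }
        }
        exit (bad > 0)   # non-zero exit when any setting violates the policy
    }'
}

# Constructed sample: password and root logins still enabled.
sample_weak() {
    printf '%s\n' 'permitrootlogin yes' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'challengeresponseauthentication yes' \
        'hostbasedauthentication no'
}

# Constructed sample: the key-only configuration.
sample_hardened() {
    printf '%s\n' 'permitrootlogin no' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no' \
        'hostbasedauthentication no'
}

sample_weak | audit_sshd || echo "weak sample: policy violations found"
sample_hardened | audit_sshd && echo "hardened sample: OK"
# On a live host (as root): sshd -T | audit_sshd
```

Settings inside `Match` blocks only appear when `sshd -T` is given a connection spec with `-C`, so repeat the check for any user or address a `Match` rule covers.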