
Unsolicited SSH login attempt

Hello,

Today I got an email that there was a failed SSH login attempt from one of my computers in the network.

The message contains an IP, timestamp, and a username, including Sophos UTM info, uptime, load, version.

Weird thing though, it seems to be connected to my RDP connection from one of the servers to the client.

Can you tell me how to troubleshoot this further? I looked at the client, and cannot detect anything out of place.



  • I have never seen false-positive mails because of a failed SSH login.

    So check the message ...

    Which credentials are used?

    Is the client running at this time?

    Is an SSH tool installed on this device?

    Next I would check the client...

    Login attempts and other messages within the event log?

    Are there firewall rules between servers and clients?

    At the firewall: are there successful logins too?

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
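The checks in the reply above (which credentials were used, and whether the same source also logged in successfully) can be run over the SSH log in one pass. The following is an added example, not part of the original thread: it assumes log lines carry the standard OpenSSH `sshd` message text, and the sample lines, hostnames, usernames and addresses are constructed.

```python
import re
from collections import defaultdict

# Standard OpenSSH sshd message text (assumption); the syslog prefix is ignored.
SSHD_EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = """\
2024:01:15-09:12:01 utm sshd[4211]: Failed password for invalid user admin from 192.168.10.23 port 50112 ssh2
2024:01:15-09:12:04 utm sshd[4211]: Failed password for root from 192.168.10.23 port 50112 ssh2
2024:01:15-09:12:09 utm sshd[4215]: Failed password for root from 192.168.10.23 port 50120 ssh2
2024:01:15-09:13:30 utm sshd[4220]: Accepted password for root from 192.168.10.23 port 50131 ssh2
2024:01:15-10:02:11 utm sshd[4302]: Failed password for invalid user backup from 192.168.10.40 port 41877 ssh2
2024:01:15-11:45:00 utm sshd[4410]: Accepted publickey for loginuser from 192.168.10.5 port 40022 ssh2
"""

def summarize(log_text):
    """Count failed and accepted logins, and collect usernames, per source IP."""
    by_ip = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for line in log_text.splitlines():
        m = SSHD_EVENT.search(line)
        if not m:
            continue  # not an sshd authentication result line
        entry = by_ip[m["ip"]]
        entry["failed" if m["result"] == "Failed" else "accepted"] += 1
        entry["users"].add(m["user"])
    return dict(by_ip)

def sources_needing_review(summary):
    """Sources with failures; those that also succeeded are listed first."""
    flagged = [(ip, s) for ip, s in summary.items() if s["failed"]]
    flagged.sort(key=lambda item: (item[1]["accepted"] == 0, -item[1]["failed"]))
    return [ip for ip, _ in flagged]

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip in sources_needing_review(summary):
        s = summary[ip]
        print(f"{ip}: failed={s['failed']} accepted={s['accepted']} "
              f"users={sorted(s['users'])}")
```

A source that shows failures followed by an accepted login is the one to examine first on the client side, together with its event log for the same time window.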