In your logs, you note that for successful SSH2 connections, there are also failed-logon events immediately preceeding each.
SSH2 connections are first tried without authentication, then with the specified credentials. The initial contact will silently fail almost immediately then the connection will be tried with the user/password provided.
Disregard these entries, they do not indicate a security event happening. You may optionally configure your firewall product to not log these.
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.