I tried to tighten the security of my ssh service. I use it only when I’m on the local network and I tried to configure Firewalld to shut the service for access from outside, and open it for just local access. I have done something wrong, because I get the message:
ssh dagr@192.168.0.199
ssh: connect to host 192.168.0.199 port 22: No route to host
I can send the firewalld rules and denied/allow host + ssh config files, but I wait until someone tells me which to look at.
@dagring Are you connecting directly to the internet with this machine? If you're using a router, that should be doing all the work. Unless there is no port forwarding going on, then all is good…
I have no firewalls running on the local network… all is done on the internet facing router.
@dagring That looks fine for the local network (LAN). Incoming is all blocked. If you have another laptop and a phone with a hotspot to connect to on the LTE/5G network etc., then you can use nmap to look at your external IP address…
I got this ■■■■ in the face when I printed the /var/log/messages:
2024-09-23T21:56:43.422309+02:00 opensuse22 sshd[20105]: Invalid user admin from 121.17.75.174 port 47116
2024-09-23T21:57:36.108383+02:00 opensuse22 sshd[20187]: Invalid user sammy from 121.17.75.174 port 59980
2024-09-23T22:12:44.885751+02:00 opensuse22 sshd[21466]: Invalid user adminftp from 119.96.159.237 port 38032
2024-09-23T22:13:13.993088+02:00 opensuse22 sshd[21492]: Invalid user daniel from 121.17.75.174 port 40024
2024-09-23T22:13:18.855316+02:00 opensuse22 sshd[21527]: Invalid user administrator from 119.96.159.237 port 45772
2024-09-23T22:13:53.803667+02:00 opensuse22 sshd[21588]: Invalid user administrator from 119.96.159.237 port 53514
2024-09-23T22:14:04.896852+02:00 opensuse22 sshd[21594]: Invalid user debianuser from 121.17.75.174 port 52890
2024-09-23T22:14:29.488857+02:00 opensuse22 sshd[21643]: Invalid user anand from 119.96.159.237 port 33028
2024-09-23T22:14:54.566456+02:00 opensuse22 sshd[21664]: Invalid user nisec from 121.17.75.174 port 37518
2024-09-23T22:15:04.271502+02:00 opensuse22 sshd[21684]: Invalid user basesystem from 119.96.159.237 port 40768
2024-09-23T22:15:38.174960+02:00 opensuse22 sshd[21735]: Invalid user bkp from 119.96.159.237 port 48508
2024-09-23T22:15:41.144709+02:00 opensuse22 sshd[21738]: Invalid user administrator from 121.17.75.174 port 50374
2024-09-23T22:16:10.295025+02:00 opensuse22 sshd[21756]: Invalid user cacti from 119.96.159.237 port 56252
2024-09-23T22:16:28.313575+02:00 opensuse22 sshd[21801]: Invalid user admin from 121.17.75.174 port 35004
2024-09-23T22:16:45.725874+02:00 opensuse22 sshd[21817]: Invalid user chris from 119.96.159.237 port 35762
2024-09-23T22:17:21.081452+02:00 opensuse22 sshd[21876]: Invalid user daniel from 119.96.159.237 port 43506
2024-09-23T22:17:56.726865+02:00 opensuse22 sshd[21911]: Invalid user david from 119.96.159.237 port 51246
2024-09-23T22:18:10.797130+02:00 opensuse22 sshd[21918]: Invalid user admin from 121.17.75.174 port 60716
2024-09-23T22:18:11.471483+02:00 opensuse22 sshd[21920]: Invalid user admin from 92.255.85.253 port 7533
2024-09-23T22:18:33.767971+02:00 opensuse22 sshd[21980]: Invalid user david from 119.96.159.237 port 58990
2024-09-23T22:18:59.214067+02:00 opensuse22 sshd[22036]: Invalid user admin from 121.17.75.174 port 45348
2024-09-23T22:19:07.267437+02:00 opensuse22 sshd[22041]: Invalid user debian from 119.96.159.237 port 38502
2024-09-23T22:19:44.819427+02:00 opensuse22 sshd[22098]: Invalid user debianuser from 119.96.159.237 port 46244
2024-09-23T22:19:47.484100+02:00 opensuse22 sshd[22101]: Invalid user user1 from 121.17.75.174 port 58204
2024-09-23T22:20:37.295983+02:00 opensuse22 sshd[22175]: Invalid user administrator from 121.17.75.174 port 42842
2024-09-23T22:21:23.256256+02:00 opensuse22 sshd[22255]: Invalid user cacti from 121.17.75.174 port 55704
The result showed 1000 ports scanned and no response. I tested the Shieldsup-site as well. How come I get those invalid users registered in /var/log/messages?
Yes, several PCs and other appliances like light bulbs and a printer. How do I run nmap on all devices? In the last 12 hours there haven't been any login attempts besides my own. I made some changes in /etc/host.allow & deny.
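Added example, not part of any post in this thread: a small Python summarizer for sshd "Invalid user" lines like the ones in the log excerpt above, which groups attempts by source address and marks sources outside the LAN. Any such source means the connection reached sshd on this host. The 192.168.0.0/24 subnet is an assumption inferred from the 192.168.0.199 address, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the LAN is 192.168.0.0/24, inferred from the 192.168.0.199 host above.
LAN = ipaddress.ip_network("192.168.0.0/24")

# OpenSSH "Invalid user" line. The greedy user group keeps the *last*
# "from <ip> port <n>", so a username containing " from ... " cannot spoof the source.
INVALID_USER = re.compile(
    r"^\S+ \S+ sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+) port \d+")

# Constructed sample lines (documentation addresses and made-up LAN hosts).
SAMPLE = """\
2024-09-23T21:56:43+02:00 host1 sshd[101]: Invalid user admin from 203.0.113.10 port 47116
2024-09-23T21:57:36+02:00 host1 sshd[102]: Invalid user sammy from 203.0.113.10 port 59980
2024-09-23T22:12:44+02:00 host1 sshd[103]: Invalid user cacti from 198.51.100.7 port 38032
2024-09-23T22:13:02+02:00 host1 sshd[104]: Accepted publickey for dagr from 192.168.0.20 port 50022 ssh2
2024-09-23T22:13:40+02:00 host1 sshd[105]: Invalid user dagt from 192.168.0.20 port 50030
2024-09-23T22:14:05+02:00 host1 sshd[106]: Invalid user x from 192.168.0.5 port 1 from 203.0.113.10 port 40024
"""

def summarize(lines, lan=LAN):
    """Count 'Invalid user' attempts per source IP and mark sources outside the LAN."""
    seen = defaultdict(lambda: {"count": 0, "users": set(), "outside": False})
    for line in lines:
        m = INVALID_USER.match(line)
        if not m:
            continue  # other sshd messages (e.g. accepted logins) are ignored
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not an IP literal; skip rather than guess
        entry = seen[str(addr)]
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["outside"] = addr not in lan
    return dict(seen)

def outside_sources(summary):
    """Source addresses that are not on the LAN, sorted for stable output."""
    return sorted(ip for ip, e in summary.items() if e["outside"])

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE.splitlines()).items()):
        where = "OUTSIDE" if e["outside"] else "lan"
        print(f"{ip:15} {where:8} attempts={e['count']} users={sorted(e['users'])}")
```

To run it against a real log, pass the lines of the file to `summarize()` instead of `SAMPLE`.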