Logs show failed password for invalid user root from <IP Address> port 2924 ssh2

Posted by Chris Hanson on Server Fault See other posts from Server Fault or by Chris Hanson
Published on 2014-06-12T15:09:20Z Indexed on 2014/06/12 15:27 UTC
Read the original article Hit count: 1605

Filed under:

ssh

|

sftp

I'm getting a constant flow of these messages in my logs. The port is variable (seemingly between 1024 and 65535). I can simulate it myself by running

sftp root@<my ip>

I've commented out the sftp subsystem line in my sshd_config. These ports should be closed by provider's firewall.

I don't understand:

Why sftp would be selecting a random port like that. It seems to be behaving like FTP in passive mode, but I can't make any sense of why that would be.
Why it can even hit my server in the first place if these ports are closed.

© Server Fault or respective owner

Related posts about ssh

Problem with hadoop start-dfs.sh

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed and configured hadoop on my Ubuntu 14.04 server, virtualized inside of hyper-v, however I am getting an issue when i run start-dfs.sh root@sUbuntu01:/var/log# start-dfs.sh 14/06/04 15:27:08 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java… >>> More
SSH problems (ssh_exchange_identification: read: Connection reset by peer)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was running 11.10 and decided to do the full upgrade and come up to 12.04 after the update SSH (not SSHD) is now misbehaving when attempting to connect to other OpenSSH instances. I say OpenSSH as I am running a DropBear sshd on my router and I am able to connect to it. When attempting to connect… >>> More
SSH main process ended

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running ubuntu server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
SSH server not working (respawns until stopped)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running Ubuntu Server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
Cannot SSH after resetting firewall on VPS

as seen on Server Fault - Search for 'Server Fault'
I'm having trouble trying to SSH to my Debian 5 VPS with blacknight. It was working fine until I did the following: Logged into 'Parallels Infrastructure Manager' - Container - Firewall - Set to 'Normal Firewall settings'. It told me there was an error with the IPTables and offered the option again… >>> More

Related posts about sftp

Need a non-GUI SFTP tool better than "sftp"

as seen on Super User - Search for 'Super User'
'sftp' is seriously lacking relative to, say, ncftp: it has no command memory, no Tab-completion of file names, and so on. Is there a non-GUI tool for SFTP that people recommend? >>> More
Need a non-GUI SFTP tool better than "sftp"

as seen on Server Fault - Search for 'Server Fault'
'sftp' is seriously lacking relative to, say, ncftp: it has no command memory, no Tab-completion of file names, and so on. Is there a non-GUI tool for SFTP that people recommend? >>> More
SFTP jail & Keeping file ownership the same / File owner per folder

as seen on Server Fault - Search for 'Server Fault'
I want to setup a jailed SFTP account for a subfolder of another user's home folder, but want the owner of everything in that subfolder to stay the same, including new files and folders uploaded and created by the sftp user, while still allowing access to the files and folders of that subfolder as… >>> More
Enabling SFTP Access within PLESK

as seen on Server Fault - Search for 'Server Fault'
Hello everyone, I have a client who wants to ensure his upload is secure, so we are trying to enable SFTP for him on our Linux PLESK server. I have enabled SSH access to bin/bash for FTP accounts, and created a new user. When I attempt to SFTP using either the IP address or the domain name, this… >>> More
Free solution to backup folders to external SFTP server with shadow copy

as seen on Super User - Search for 'Super User'
I have an account in university on Linux machine with 10TB of free space accessible via SFTP. I would like to backup my Windows 7 x64 laptop to university. Currently I am using rsync+cygwin, but backup is pretty slow (without shadow copy) and I hate console window appearing every day on my screen… >>> More