Hi guys, i run a ubuntu20.04 with ISPConfig 3.2 and apache2 when i put in command: Code: oot@server4:~# ss | grep -i ssh tcp ESTAB 0 36 167.86.78.111:ssh 31.14.62.112:36766 tcp ESTAB 0 68 167.86.78.111:ssh 193.112.107.200:36144 there i assume i have 2 ssh connections when i run who i get this result: Code: root@server4:~# who root pts/0 2020-11-28 17:20 (31.14.62.112) now i am confused if another user is connected to my server. maybe someone can give me an idea ? thanks a lot for your help i wonder because i made a check with rkhunter and get this result: Code: root@server4:~# rkhunter --check --rwo Warning: User 'web37' has been added to the passwd file. Warning: Changes found in the group file for group 'sshusers': User 'web37' has been added to the group Warning: The SSH and rkhunter configuration options should be the same: SSH configuration option 'Protocol': 2 Rkhunter configuration option 'ALLOW_SSH_PROT_V1': 2
If your server allows ssh connections from the internet, you will get connections/login attempts fairly non-stop, around the clock. Your logs will show more info.
I would advise only using key to access ssh and disable password access. Key can have password too. You can also restrict access via firewall to certain ip address for ssh access.