"POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what does this mean?

ssh security linux centos

Solution 1:

Unfortunately this in now a very common occurrence. It is an automated attack on SSH which is using 'common' usernames to try and break into your system. The message means exactly what it says, it does not mean that you have been hacked, just that someone tried.

Solution 2:

The "POSSIBLE BREAK-IN ATTEMPT" part specifically, is related to the "reverse mapping checking getaddrinfo failed" part. It means the person who was connecting didn't have forward and reverse DNS configured correctly. This is quite common, especially for ISP connections, which is where the "attack" was probably coming from.

Unrelated the the "POSSIBLE BREAK-IN ATTEMPT" message, the person is actually trying to break in using common user names and passwords. Do not use simple passwords for SSH; in fact the best idea to to disable passwords altogether and use SSH keys only.

Related

What significance does the user/host at the end of an SSH public key file hold?
What type of DNS record is needed to make a subdomain?
List of files installed from apt package
How to run command as user who has /usr/sbin/nologin as Shell?
How to determine JAVA_HOME on Debian/Ubuntu?
Where can I find data stored by a Windows Service running as "Local System Account"?
What firewall ports need to be open to allow access to external git repositories?
Should I use tap or tun for openvpn?
In a PowerShell script, how can I check if I'm running with administrator privileges?
Can Mac OS X be run inside Docker? [closed]
InnoDB: Error: log file ./ib_logfile0 is of different size
How to re-order windows, change the scroll shortcut, and modify the status bar contents in GNU Screen?