Facebook

auth_log safest cryptocurrency exchange

From Jago, 6 Years ago, written in Bash.
URL https://pastebin.pl/view/ce28f51e
Embed
Download Paste or View Raw
Hits: 518
  1. ubuntu@ip-172-31-46-92:/var/log$ cat auth.log
  2. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: new group: name=ubuntu, GID=1000
  3. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: new user: name=ubuntu, UID=1000, GID=1000, home=/home/ubuntu, shell=/bin/bash
  4. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'adm'
  5. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'dialout'
  6. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'cdrom'
  7. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'floppy'
  8. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'sudo'
  9. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'audio'
  10. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'dip'
  11. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'video'
  12. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'plugdev'
  13. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'netdev'
  14. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to group 'lxd'
  15. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'adm'
  16. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'dialout'
  17. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'cdrom'
  18. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'floppy'
  19. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'sudo'
  20. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'audio'
  21. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'dip'
  22. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'video'
  23. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'plugdev'
  24. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'netdev'
  25. Jul 25 17:59:08 ip-172-31-46-92 useradd[1051]: add 'ubuntu' to shadow group 'lxd'
  26. Jul 25 17:59:08 ip-172-31-46-92 passwd[1056]: password for 'ubuntu' changed by 'root'
  27. Jul 25 17:59:09 ip-172-31-46-92 sshd[1285]: Server listening on 0.0.0.0 port 22.
  28. Jul 25 17:59:09 ip-172-31-46-92 sshd[1285]: Server listening on :: port 22.
  29. Jul 25 17:59:09 ip-172-31-46-92 systemd-logind[1091]: Watching system buttons on /dev/input/event0 (Power Button)
  30. Jul 25 17:59:09 ip-172-31-46-92 systemd-logind[1091]: Watching system buttons on /dev/input/event1 (Sleep Button)
  31. Jul 25 17:59:09 ip-172-31-46-92 systemd-logind[1091]: New seat seat0.
  32. Jul 25 18:17:01 ip-172-31-46-92 CRON[1362]: pam_unix(cron:session): session opened for user root by (uid=0)
  33. Jul 25 18:17:01 ip-172-31-46-92 CRON[1362]: pam_unix(cron:session): session closed for user root
  34. Jul 25 18:17:29 ip-172-31-46-92 sshd[1285]: Received signal 15; terminating.
  35. Jul 26 07:22:25 ip-172-31-46-92 sshd[1135]: Server listening on 0.0.0.0 port 22.
  36. Jul 26 07:22:25 ip-172-31-46-92 sshd[1135]: Server listening on :: port 22.
  37. Jul 26 07:22:25 ip-172-31-46-92 systemd-logind[1146]: Watching system buttons on /dev/input/event0 (Power Button)
  38. Jul 26 07:22:25 ip-172-31-46-92 systemd-logind[1146]: Watching system buttons on /dev/input/event1 (Sleep Button)
  39. Jul 26 07:22:25 ip-172-31-46-92 systemd-logind[1146]: New seat seat0.
  40. Jul 26 07:33:44 ip-172-31-46-92 sshd[16287]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
  41. Jul 26 07:33:44 ip-172-31-46-92 sshd[16287]: Connection closed by 195.212.29.184 port 48856 [preauth]
  42. Jul 26 07:36:34 ip-172-31-46-92 sshd[16289]: Invalid user admin from 213.216.48.2
  43. Jul 26 07:36:34 ip-172-31-46-92 sshd[16289]: input_userauth_request: invalid user admin [preauth]
  44. Jul 26 07:36:34 ip-172-31-46-92 sshd[16289]: error: maximum authentication attempts exceeded for invalid user admin from 213.216.48.2 port 60935 ssh2 [preauth]
  45. Jul 26 07:36:34 ip-172-31-46-92 sshd[16289]: Disconnecting: Too many authentication failures [preauth]
  46. Jul 26 07:39:17 ip-172-31-46-92 sshd[16295]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
  47. Jul 26 07:39:17 ip-172-31-46-92 sshd[16295]: Accepted publickey for ubuntu from 195.212.29.184 port 48902 ssh2: RSA SHA256:8f0RkWdZil4jBpv/fSX/mM6wlJatBgrUAETXiGUbegg
  48. Jul 26 07:39:17 ip-172-31-46-92 sshd[16295]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
  49. Jul 26 07:39:17 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session opened for user ubuntu by (uid=0)
  50. Jul 26 07:39:17 ip-172-31-46-92 systemd-logind[1146]: New session 1 of user ubuntu.
  51. Jul 26 07:43:56 ip-172-31-46-92 sshd[16354]: Received disconnect from 195.212.29.184 port 48902:11: disconnected by user
  52. Jul 26 07:43:56 ip-172-31-46-92 sshd[16354]: Disconnected from 195.212.29.184 port 48902
  53. Jul 26 07:43:56 ip-172-31-46-92 sshd[16295]: pam_unix(sshd:session): session closed for user ubuntu
  54. Jul 26 07:43:56 ip-172-31-46-92 systemd-logind[1146]: Removed session 1.
  55. Jul 26 07:44:13 ip-172-31-46-92 sshd[1135]: Received signal 15; terminating.
  56. Jul 26 11:15:05 ip-172-31-46-92 sshd[1119]: Server listening on 0.0.0.0 port 22.
  57. Jul 26 11:15:05 ip-172-31-46-92 sshd[1119]: Server listening on :: port 22.
  58. Jul 26 11:15:05 ip-172-31-46-92 systemd-logind[1124]: Watching system buttons on /dev/input/event0 (Power Button)
  59. Jul 26 11:15:05 ip-172-31-46-92 systemd-logind[1124]: Watching system buttons on /dev/input/event1 (Sleep Button)
  60. Jul 26 11:15:05 ip-172-31-46-92 systemd-logind[1124]: New seat seat0.
  61. Jul 26 11:15:57 ip-172-31-46-92 sshd[1270]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
  62. Jul 26 11:15:57 ip-172-31-46-92 sshd[1270]: Accepted publickey for ubuntu from 195.212.29.187 port 41592 ssh2: RSA SHA256:8f0RkWdZil4jBpv/fSX/mM6wlJatBgrUAETXiGUbegg
  63. Jul 26 11:15:57 ip-172-31-46-92 sshd[1270]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
  64. Jul 26 11:15:57 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session opened for user ubuntu by (uid=0)
  65. Jul 26 11:15:57 ip-172-31-46-92 systemd-logind[1124]: New session 1 of user ubuntu.
  66. Jul 26 11:17:01 ip-172-31-46-92 CRON[1350]: pam_unix(cron:session): session opened for user root by (uid=0)
  67. Jul 26 11:17:01 ip-172-31-46-92 CRON[1350]: pam_unix(cron:session): session closed for user root
  68. Jul 26 11:17:04 ip-172-31-46-92 sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/sbin/adduser tomasz
  69. Jul 26 11:17:04 ip-172-31-46-92 sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
  70. Jul 26 11:17:04 ip-172-31-46-92 groupadd[1355]: group added to /etc/group: name=tomasz, GID=1001
  71. Jul 26 11:17:04 ip-172-31-46-92 groupadd[1355]: group added to /etc/gshadow: name=tomasz
  72. Jul 26 11:17:04 ip-172-31-46-92 groupadd[1355]: new group: name=tomasz, GID=1001
  73. Jul 26 11:17:04 ip-172-31-46-92 useradd[1359]: new user: name=tomasz, UID=1001, GID=1001, home=/home/tomasz, shell=/bin/bash
  74. Jul 26 11:18:52 ip-172-31-46-92 passwd[1366]: pam_unix(passwd:chauthtok): password changed for tomasz
  75. Jul 26 11:19:50 ip-172-31-46-92 chfn[1367]: changed user 'tomasz' information
  76. Jul 26 11:19:53 ip-172-31-46-92 sudo: pam_unix(sudo:session): session closed for user root
  77. Jul 26 11:27:26 ip-172-31-46-92 sshd[1270]: pam_unix(sshd:session): session closed for user ubuntu
  78. Jul 26 11:27:26 ip-172-31-46-92 systemd-logind[1124]: Removed session 1.
  79. Jul 26 11:30:12 ip-172-31-46-92 sshd[1394]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
  80. Jul 26 11:30:12 ip-172-31-46-92 sshd[1394]: Accepted publickey for ubuntu from 195.212.29.187 port 41762 ssh2: RSA SHA256:8f0RkWdZil4jBpv/fSX/mM6wlJatBgrUAETXiGUbegg
  81. Jul 26 11:30:12 ip-172-31-46-92 sshd[1394]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
  82. Jul 26 11:30:12 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session opened for user ubuntu by (uid=0)
  83. Jul 26 11:30:12 ip-172-31-46-92 systemd-logind[1124]: New session 3 of user ubuntu.
  84. Jul 26 11:34:40 ip-172-31-46-92 su[1464]: Successful su for tomasz by ubuntu
  85. Jul 26 11:34:40 ip-172-31-46-92 su[1464]: + /dev/pts/0 ubuntu:tomasz
  86. Jul 26 11:34:40 ip-172-31-46-92 su[1464]: pam_unix(su:session): session opened for user tomasz by ubuntu(uid=1000)
  87. Jul 26 11:34:40 ip-172-31-46-92 su[1464]: pam_systemd(su:session): Cannot create session: Already running in a session
  88. Jul 26 11:39:40 ip-172-31-46-92 su[1464]: pam_unix(su:session): session closed for user tomasz
  89. Jul 26 11:44:14 ip-172-31-46-92 sshd[1394]: pam_unix(sshd:session): session closed for user ubuntu
  90. Jul 26 11:44:14 ip-172-31-46-92 systemd-logind[1124]: Removed session 3.
  91. Jul 26 12:17:01 ip-172-31-46-92 CRON[1541]: pam_unix(cron:session): session opened for user root by (uid=0)
  92. Jul 26 12:17:01 ip-172-31-46-92 CRON[1541]: pam_unix(cron:session): session closed for user root
  93. Jul 26 12:17:44 ip-172-31-46-92 sshd[1544]: Did not receive identification string from 220.178.78.130
  94. Jul 26 12:28:01 ip-172-31-46-92 CRON[1547]: pam_unix(cron:session): session opened for user root by (uid=0)
  95. Jul 26 12:28:01 ip-172-31-46-92 CRON[1547]: pam_unix(cron:session): session closed for user root
  96. Jul 26 13:17:01 ip-172-31-46-92 CRON[1574]: pam_unix(cron:session): session opened for user root by (uid=0)
  97. Jul 26 13:17:01 ip-172-31-46-92 CRON[1574]: pam_unix(cron:session): session closed for user root
  98. Jul 26 13:25:06 ip-172-31-46-92 sshd[1589]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
  99. Jul 26 13:25:07 ip-172-31-46-92 sshd[1589]: Accepted publickey for ubuntu from 195.212.29.187 port 43486 ssh2: RSA SHA256:8f0RkWdZil4jBpv/fSX/mM6wlJatBgrUAETXiGUbegg
  100. Jul 26 13:25:07 ip-172-31-46-92 sshd[1589]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
  101. Jul 26 13:25:07 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session opened for user ubuntu by (uid=0)
  102. Jul 26 13:25:07 ip-172-31-46-92 systemd-logind[1124]: New session 7 of user ubuntu.
  103. Jul 26 13:25:42 ip-172-31-46-92 sshd[1668]: Connection closed by 23.92.208.245 port 25224 [preauth]
  104. Jul 26 13:25:49 ip-172-31-46-92 sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/apt-get update
  105. Jul 26 13:25:49 ip-172-31-46-92 sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
  106. Jul 26 13:25:52 ip-172-31-46-92 sudo: pam_unix(sudo:session): session closed for user root
  107. Jul 26 13:26:08 ip-172-31-46-92 sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/apt-get install -y htop
  108. Jul 26 13:26:08 ip-172-31-46-92 sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
  109. Jul 26 13:26:10 ip-172-31-46-92 sudo: pam_unix(sudo:session): session closed for user root
  110. Jul 26 13:33:32 ip-172-31-46-92 sshd[1589]: pam_unix(sshd:session): session closed for user ubuntu
  111. Jul 26 13:33:32 ip-172-31-46-92 systemd-logind[1124]: Removed session 7.
  112. Jul 26 13:33:32 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session closed for user ubuntu
  113. Jul 26 13:36:59 ip-172-31-46-92 sshd[2138]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
  114. Jul 26 13:36:59 ip-172-31-46-92 sshd[2138]: Accepted publickey for ubuntu from 195.212.29.187 port 43704 ssh2: RSA SHA256:8f0RkWdZil4jBpv/fSX/mM6wlJatBgrUAETXiGUbegg
  115. Jul 26 13:36:59 ip-172-31-46-92 sshd[2138]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
  116. Jul 26 13:36:59 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session opened for user ubuntu by (uid=0)
  117. Jul 26 13:36:59 ip-172-31-46-92 systemd-logind[1124]: New session 8 of user ubuntu.
  118. Jul 26 13:38:18 ip-172-31-46-92 su[2192]: Successful su for tomasz by ubuntu
  119. Jul 26 13:38:18 ip-172-31-46-92 su[2192]: + /dev/pts/0 ubuntu:tomasz
  120. Jul 26 13:38:18 ip-172-31-46-92 su[2192]: pam_unix(su:session): session opened for user tomasz by ubuntu(uid=1000)
  121. Jul 26 13:38:18 ip-172-31-46-92 su[2192]: pam_systemd(su:session): Cannot create session: Already running in a session
  122. Jul 26 13:40:28 ip-172-31-46-92 sudo:   tomasz : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/tomasz ; USER=root ; COMMAND=/usr/sbin/visudo
  123. Jul 26 13:41:00 ip-172-31-46-92 su[2192]: pam_unix(su:session): session closed for user tomasz
  124. Jul 26 13:41:16 ip-172-31-46-92 sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/sbin/visudo
  125. Jul 26 13:41:16 ip-172-31-46-92 sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
  126. Jul 26 13:44:57 ip-172-31-46-92 sshd[2176]: Received disconnect from 195.212.29.187 port 43704:11: disconnected by user
  127. Jul 26 13:44:57 ip-172-31-46-92 sshd[2176]: Disconnected from 195.212.29.187 port 43704
  128. Jul 26 13:44:57 ip-172-31-46-92 sshd[2138]: pam_unix(sshd:session): session closed for user ubuntu
  129. Jul 26 13:44:57 ip-172-31-46-92 sudo: pam_unix(sudo:session): session closed for user root
  130. Jul 26 13:44:57 ip-172-31-46-92 systemd-logind[1124]: Removed session 8.
  131. Jul 26 13:45:09 ip-172-31-46-92 sshd[2230]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
  132. Jul 26 13:45:09 ip-172-31-46-92 sshd[2230]: Accepted publickey for ubuntu from 195.212.29.187 port 43784 ssh2: RSA SHA256:8f0RkWdZil4jBpv/fSX/mM6wlJatBgrUAETXiGUbegg
  133. Jul 26 13:45:09 ip-172-31-46-92 sshd[2230]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
  134. Jul 26 13:45:09 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session opened for user ubuntu by (uid=0)
  135. Jul 26 13:45:09 ip-172-31-46-92 systemd-logind[1124]: New session 9 of user ubuntu.
  136. Jul 26 13:46:03 ip-172-31-46-92 sudo:   ubuntu : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/su
  137. Jul 26 13:46:03 ip-172-31-46-92 sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
  138. Jul 26 13:46:03 ip-172-31-46-92 su[2291]: Successful su for root by root
  139. Jul 26 13:46:03 ip-172-31-46-92 su[2291]: + /dev/pts/0 root:root
  140. Jul 26 13:46:03 ip-172-31-46-92 su[2291]: pam_unix(su:session): session opened for user root by ubuntu(uid=0)
  141. Jul 26 13:46:03 ip-172-31-46-92 su[2291]: pam_systemd(su:session): Cannot create session: Already running in a session
  142. Jul 26 13:47:35 ip-172-31-46-92 sudo:     root : TTY=pts/0 ; PWD=/etc/sudoers.d ; USER=root ; COMMAND=/usr/sbin/visudo
  143. Jul 26 13:47:35 ip-172-31-46-92 sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
  144. Jul 26 13:51:49 ip-172-31-46-92 sshd[2268]: Received disconnect from 195.212.29.187 port 43784:11: disconnected by user
  145. Jul 26 13:51:49 ip-172-31-46-92 sshd[2268]: Disconnected from 195.212.29.187 port 43784
  146. Jul 26 13:51:49 ip-172-31-46-92 sshd[2230]: pam_unix(sshd:session): session closed for user ubuntu
  147. Jul 26 13:51:49 ip-172-31-46-92 sudo: pam_unix(sudo:session): session closed for user root
  148. Jul 26 13:51:49 ip-172-31-46-92 su[2291]: pam_unix(su:session): session closed for user root
  149. Jul 26 13:51:49 ip-172-31-46-92 sudo: pam_unix(sudo:session): session closed for user root
  150. Jul 26 13:51:49 ip-172-31-46-92 systemd-logind[1124]: Removed session 9.
  151. Jul 26 13:51:49 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session closed for user ubuntu
  152. Jul 26 16:32:41 ip-172-31-46-92 sshd[1112]: Server listening on 0.0.0.0 port 22.
  153. Jul 26 16:32:41 ip-172-31-46-92 sshd[1112]: Server listening on :: port 22.
  154. Jul 26 16:32:41 ip-172-31-46-92 systemd-logind[1074]: Watching system buttons on /dev/input/event0 (Power Button)
  155. Jul 26 16:32:41 ip-172-31-46-92 systemd-logind[1074]: Watching system buttons on /dev/input/event1 (Sleep Button)
  156. Jul 26 16:32:41 ip-172-31-46-92 systemd-logind[1074]: New seat seat0.
  157. Jul 26 16:47:07 ip-172-31-46-92 sshd[1242]: fatal: Unable to negotiate with 103.207.36.231 port 62030: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
  158. Jul 26 16:47:12 ip-172-31-46-92 sshd[1244]: fatal: Unable to negotiate with 103.207.36.231 port 64058: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
  159. Jul 26 16:47:53 ip-172-31-46-92 sshd[1251]: error: Received disconnect from 188.121.0.11 port 51647:14: No supported authentication methods available [preauth]
  160. Jul 26 16:47:53 ip-172-31-46-92 sshd[1251]: Disconnected from 188.121.0.11 port 51647 [preauth]
  161. Jul 26 16:59:49 ip-172-31-46-92 sshd[1253]: error: Received disconnect from 188.121.0.11 port 51735:14: No supported authentication methods available [preauth]
  162. Jul 26 16:59:49 ip-172-31-46-92 sshd[1253]: Disconnected from 188.121.0.11 port 51735 [preauth]
  163. Jul 26 17:01:31 ip-172-31-46-92 sshd[1267]: error: Received disconnect from 188.121.0.11 port 51747:14: No supported authentication methods available [preauth]
  164. Jul 26 17:01:31 ip-172-31-46-92 sshd[1267]: Disconnected from 188.121.0.11 port 51747 [preauth]
  165. Jul 26 17:17:01 ip-172-31-46-92 CRON[1269]: pam_unix(cron:session): session opened for user root by (uid=0)
  166. Jul 26 17:17:01 ip-172-31-46-92 CRON[1269]: pam_unix(cron:session): session closed for user root
  167. Jul 26 17:18:15 ip-172-31-46-92 sshd[1272]: error: Received disconnect from 188.121.0.11 port 52271:14: No supported authentication methods available [preauth]
  168. Jul 26 17:18:15 ip-172-31-46-92 sshd[1272]: Disconnected from 188.121.0.11 port 52271 [preauth]
  169. Jul 26 17:19:55 ip-172-31-46-92 sshd[1274]: error: Received disconnect from 188.121.0.11 port 52315:14: No supported authentication methods available [preauth]
  170. Jul 26 17:19:55 ip-172-31-46-92 sshd[1274]: Disconnected from 188.121.0.11 port 52315 [preauth]
  171. Jul 26 17:20:57 ip-172-31-46-92 sshd[1276]: Invalid user ubuntu@52.58.74.21 from 188.121.0.11
  172. Jul 26 17:20:57 ip-172-31-46-92 sshd[1276]: input_userauth_request: invalid user ubuntu@52.58.74.21 [preauth]
  173. Jul 26 17:20:57 ip-172-31-46-92 sshd[1276]: error: Received disconnect from 188.121.0.11 port 52325:14: No supported authentication methods available [preauth]
  174. Jul 26 17:20:57 ip-172-31-46-92 sshd[1276]: Disconnected from 188.121.0.11 port 52325 [preauth]
  175. Jul 26 17:23:03 ip-172-31-46-92 sshd[1278]: Connection closed by 188.121.0.11 port 52348 [preauth]
  176. Jul 26 17:25:58 ip-172-31-46-92 sshd[1280]: Received disconnect from 116.31.116.52 port 28664:11:  [preauth]
  177. Jul 26 17:25:58 ip-172-31-46-92 sshd[1280]: Disconnected from 116.31.116.52 port 28664 [preauth]
  178. Jul 26 17:42:26 ip-172-31-46-92 sshd[1294]: error: Received disconnect from 188.121.0.11 port 52526:14: No supported authentication methods available [preauth]
  179. Jul 26 17:42:26 ip-172-31-46-92 sshd[1294]: Disconnected from 188.121.0.11 port 52526 [preauth]
  180. Jul 26 17:43:11 ip-172-31-46-92 sshd[1296]: Accepted publickey for root from 188.121.0.11 port 52532 ssh2: RSA SHA256:8f0RkWdZil4jBpv/fSX/mM6wlJatBgrUAETXiGUbegg
  181. Jul 26 17:43:11 ip-172-31-46-92 sshd[1296]: pam_unix(sshd:session): session opened for user root by (uid=0)
  182. Jul 26 17:43:11 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
  183. Jul 26 17:43:11 ip-172-31-46-92 systemd-logind[1074]: New session 2 of user root.
  184. Jul 26 17:43:22 ip-172-31-46-92 sshd[1296]: pam_unix(sshd:session): session closed for user root
  185. Jul 26 17:43:22 ip-172-31-46-92 systemd-logind[1074]: Removed session 2.
  186. Jul 26 17:44:01 ip-172-31-46-92 sshd[1368]: Accepted publickey for ubuntu from 188.121.0.11 port 52537 ssh2: RSA SHA256:8f0RkWdZil4jBpv/fSX/mM6wlJatBgrUAETXiGUbegg
  187. Jul 26 17:44:01 ip-172-31-46-92 sshd[1368]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
  188. Jul 26 17:44:01 ip-172-31-46-92 systemd: pam_unix(systemd-user:session): session opened for user ubuntu by (uid=0)
  189. Jul 26 17:44:01 ip-172-31-46-92 systemd-logind[1074]: New session 3 of user ubuntu.
  190. Jul 26 17:44:35 ip-172-31-46-92 su[1422]: Successful su for tomasz by ubuntu
  191. Jul 26 17:44:35 ip-172-31-46-92 su[1422]: + /dev/pts/0 ubuntu:tomasz
  192. Jul 26 17:44:35 ip-172-31-46-92 su[1422]: pam_unix(su:session): session opened for user tomasz by ubuntu(uid=1000)
  193. Jul 26 17:44:35 ip-172-31-46-92 su[1422]: pam_systemd(su:session): Cannot create session: Already running in a session
  194. Jul 26 17:56:23 ip-172-31-46-92 su[1422]: pam_unix(su:session): session closed for user tomasz
  195. Jul 26 17:56:26 ip-172-31-46-92 sshd[1368]: pam_unix(sshd:session): session closed for user ubuntu
  196. Jul 26 17:56:26 ip-172-31-46-92 systemd-logind[1074]: Removed session 3.
  197. Jul 26 18:17:01 ip-172-31-46-92 CRON[1473]: pam_unix(cron:session): session opened for user root by (uid=0)
  198. Jul 26 18:17:01 ip-172-31-46-92 CRON[1473]: pam_unix(cron:session): session closed for user root
  199. Jul 26 18:24:21 ip-172-31-46-92 sshd[1488]: Invalid user 0 from 91.197.232.107
  200. Jul 26 18:24:21 ip-172-31-46-92 sshd[1488]: input_userauth_request: invalid user 0 [preauth]
  201. Jul 26 18:24:21 ip-172-31-46-92 sshd[1488]: Connection closed by 91.197.232.107 port 56957 [preauth]
  202. Jul 26 18:24:22 ip-172-31-46-92 sshd[1490]: Invalid user 0000 from 91.197.232.107
  203. Jul 26 18:24:22 ip-172-31-46-92 sshd[1490]: input_userauth_request: invalid user 0000 [preauth]
  204. Jul 26 18:24:22 ip-172-31-46-92 sshd[1490]: Connection closed by 91.197.232.107 port 33681 [preauth]
  205. Jul 26 18:24:42 ip-172-31-46-92 sshd[1492]: Invalid user 010101 from 91.197.232.107
  206. Jul 26 18:24:42 ip-172-31-46-92 sshd[1492]: input_userauth_request: invalid user 010101 [preauth]
  207. Jul 26 18:24:42 ip-172-31-46-92 sshd[1492]: Connection closed by 91.197.232.107 port 41119 [preauth]
  208. Jul 26 18:24:44 ip-172-31-46-92 sshd[1494]: Invalid user 1111 from 91.197.232.107
  209. Jul 26 18:24:44 ip-172-31-46-92 sshd[1494]: input_userauth_request: invalid user 1111 [preauth]
  210. Jul 26 18:24:45 ip-172-31-46-92 sshd[1494]: Connection closed by 91.197.232.107 port 42934 [preauth]
  211. Jul 26 18:24:53 ip-172-31-46-92 sshd[1496]: Connection closed by 91.197.232.107 port 60618 [preauth]
  212. Jul 26 18:24:54 ip-172-31-46-92 sshd[1498]: Invalid user 1234 from 91.197.232.107
  213. Jul 26 18:24:54 ip-172-31-46-92 sshd[1498]: input_userauth_request: invalid user 1234 [preauth]
  214. Jul 26 18:24:54 ip-172-31-46-92 sshd[1498]: Connection closed by 91.197.232.107 port 36092 [preauth]
  215. Jul 26 18:25:09 ip-172-31-46-92 sshd[1500]: Invalid user admin from 91.197.232.107
  216. Jul 26 18:25:09 ip-172-31-46-92 sshd[1500]: input_userauth_request: invalid user admin [preauth]
  217. Jul 26 18:25:09 ip-172-31-46-92 sshd[1500]: Connection closed by 91.197.232.107 port 54703 [preauth]
  218. Jul 26 18:25:19 ip-172-31-46-92 sshd[1502]: Invalid user admin from 91.197.232.107
  219. Jul 26 18:25:19 ip-172-31-46-92 sshd[1502]: input_userauth_request: invalid user admin [preauth]
  220. Jul 26 18:25:21 ip-172-31-46-92 sshd[1502]: Connection closed by 91.197.232.107 port 43460 [preauth]
  221. Jul 26 18:25:27 ip-172-31-46-92 sshd[1504]: Invalid user admin from 91.197.232.107
  222. Jul 26 18:25:27 ip-172-31-46-92 sshd[1504]: input_userauth_request: invalid user admin [preauth]
  223. Jul 26 18:25:28 ip-172-31-46-92 sshd[1504]: Connection closed by 91.197.232.107 port 48826 [preauth]
  224. Jul 26 18:25:35 ip-172-31-46-92 sshd[1506]: Invalid user admin from 91.197.232.107
  225. Jul 26 18:25:35 ip-172-31-46-92 sshd[1506]: input_userauth_request: invalid user admin [preauth]
  226. Jul 26 18:25:37 ip-172-31-46-92 sshd[1506]: Connection closed by 91.197.232.107 port 48478 [preauth]
  227. Jul 26 18:25:44 ip-172-31-46-92 sshd[1508]: Invalid user admin from 91.197.232.107
  228. Jul 26 18:25:44 ip-172-31-46-92 sshd[1508]: input_userauth_request: invalid user admin [preauth]
  229. Jul 26 18:25:47 ip-172-31-46-92 sshd[1508]: Connection closed by 91.197.232.107 port 55165 [preauth]
  230. Jul 26 18:25:53 ip-172-31-46-92 sshd[1510]: Invalid user admin from 91.197.232.107
  231. Jul 26 18:25:53 ip-172-31-46-92 sshd[1510]: input_userauth_request: invalid user admin [preauth]
  232. Jul 26 18:25:53 ip-172-31-46-92 sshd[1510]: Connection closed by 91.197.232.107 port 40203 [preauth]
  233. Jul 26 18:26:00 ip-172-31-46-92 sshd[1512]: Invalid user api from 91.197.232.107
  234. Jul 26 18:26:00 ip-172-31-46-92 sshd[1512]: input_userauth_request: invalid user api [preauth]
  235. Jul 26 18:26:00 ip-172-31-46-92 sshd[1512]: Connection closed by 91.197.232.107 port 46706 [preauth]
  236. Jul 26 18:26:13 ip-172-31-46-92 sshd[1514]: Invalid user dbadmin from 91.197.232.107
  237. Jul 26 18:26:13 ip-172-31-46-92 sshd[1514]: input_userauth_request: invalid user dbadmin [preauth]
  238. Jul 26 18:26:13 ip-172-31-46-92 sshd[1514]: Connection closed by 91.197.232.107 port 44679 [preauth]
  239. Jul 26 18:26:17 ip-172-31-46-92 sshd[1516]: Invalid user default from 91.197.232.107
  240. Jul 26 18:26:17 ip-172-31-46-92 sshd[1516]: input_userauth_request: invalid user default [preauth]
  241. Jul 26 18:26:17 ip-172-31-46-92 sshd[1516]: Connection closed by 91.197.232.107 port 57031 [preauth]
  242. Jul 26 18:26:27 ip-172-31-46-92 sshd[1518]: Invalid user default from 91.197.232.107
  243. Jul 26 18:26:27 ip-172-31-46-92 sshd[1518]: input_userauth_request: invalid user default [preauth]
  244. Jul 26 18:26:27 ip-172-31-46-92 sshd[1518]: Connection closed by 91.197.232.107 port 49165 [preauth]
  245. Jul 26 18:26:27 ip-172-31-46-92 sshd[1520]: Invalid user ftp from 91.197.232.107
  246. Jul 26 18:26:27 ip-172-31-46-92 sshd[1520]: input_userauth_request: invalid user ftp [preauth]
  247. Jul 26 18:26:27 ip-172-31-46-92 sshd[1520]: Connection closed by 91.197.232.107 port 60401 [preauth]
  248. Jul 26 18:26:28 ip-172-31-46-92 sshd[1522]: Invalid user ftpuser from 91.197.232.107
  249. Jul 26 18:26:28 ip-172-31-46-92 sshd[1522]: input_userauth_request: invalid user ftpuser [preauth]
  250. Jul 26 18:26:28 ip-172-31-46-92 sshd[1522]: Connection closed by 91.197.232.107 port 34124 [preauth]
  251. Jul 26 18:26:30 ip-172-31-46-92 sshd[1524]: Invalid user git from 91.197.232.107
  252. Jul 26 18:26:30 ip-172-31-46-92 sshd[1524]: input_userauth_request: invalid user git [preauth]
  253. Jul 26 18:26:30 ip-172-31-46-92 sshd[1524]: Connection closed by 91.197.232.107 port 42208 [preauth]
  254. Jul 26 18:26:39 ip-172-31-46-92 sshd[1526]: Connection closed by 91.197.232.107 port 54303 [preauth]
  255. Jul 26 18:26:44 ip-172-31-46-92 sshd[1528]: Invalid user gpadmin from 91.197.232.107
  256. Jul 26 18:26:44 ip-172-31-46-92 sshd[1528]: input_userauth_request: invalid user gpadmin [preauth]
  257. Jul 26 18:26:44 ip-172-31-46-92 sshd[1528]: Connection closed by 91.197.232.107 port 37534 [preauth]
  258. Jul 26 18:26:44 ip-172-31-46-92 sshd[1530]: Invalid user guest from 91.197.232.107
  259. Jul 26 18:26:44 ip-172-31-46-92 sshd[1530]: input_userauth_request: invalid user guest [preauth]
  260. Jul 26 18:26:44 ip-172-31-46-92 sshd[1530]: Connection closed by 91.197.232.107 port 52905 [preauth]
  261. Jul 26 18:26:45 ip-172-31-46-92 sshd[1532]: Invalid user monitor from 91.197.232.107
  262. Jul 26 18:26:45 ip-172-31-46-92 sshd[1532]: input_userauth_request: invalid user monitor [preauth]
  263. Jul 26 18:26:45 ip-172-31-46-92 sshd[1532]: Connection closed by 91.197.232.107 port 53838 [preauth]
  264. Jul 26 18:26:47 ip-172-31-46-92 sshd[1534]: Invalid user mysql from 91.197.232.107
  265. Jul 26 18:26:47 ip-172-31-46-92 sshd[1534]: input_userauth_request: invalid user mysql [preauth]
  266. Jul 26 18:26:47 ip-172-31-46-92 sshd[1534]: Connection closed by 91.197.232.107 port 55250 [preauth]
  267. Jul 26 18:26:50 ip-172-31-46-92 sshd[1536]: Invalid user mysql from 91.197.232.107
  268. Jul 26 18:26:50 ip-172-31-46-92 sshd[1536]: input_userauth_request: invalid user mysql [preauth]
  269. Jul 26 18:26:50 ip-172-31-46-92 sshd[1536]: Connection closed by 91.197.232.107 port 60922 [preauth]
  270. Jul 26 18:26:58 ip-172-31-46-92 sshd[1538]: Invalid user operator from 91.197.232.107
  271. Jul 26 18:26:58 ip-172-31-46-92 sshd[1538]: input_userauth_request: invalid user operator [preauth]
  272. Jul 26 18:26:58 ip-172-31-46-92 sshd[1538]: Connection closed by 91.197.232.107 port 44564 [preauth]
  273. Jul 26 18:27:02 ip-172-31-46-92 sshd[1540]: Invalid user osmc from 91.197.232.107
  274. Jul 26 18:27:02 ip-172-31-46-92 sshd[1540]: input_userauth_request: invalid user osmc [preauth]
  275. Jul 26 18:27:02 ip-172-31-46-92 sshd[1540]: Connection closed by 91.197.232.107 port 53853 [preauth]
  276. Jul 26 18:27:10 ip-172-31-46-92 sshd[1542]: Invalid user pi from 91.197.232.107
  277. Jul 26 18:27:10 ip-172-31-46-92 sshd[1542]: input_userauth_request: invalid user pi [preauth]
  278. Jul 26 18:27:11 ip-172-31-46-92 sshd[1542]: Connection closed by 91.197.232.107 port 38048 [preauth]
  279. Jul 26 18:27:17 ip-172-31-46-92 sshd[1544]: Connection closed by 91.197.232.107 port 48625 [preauth]
  280. Jul 26 18:27:37 ip-172-31-46-92 sshd[1546]: Connection closed by 91.197.232.107 port 42536 [preauth]
  281. Jul 26 18:27:44 ip-172-31-46-92 sshd[1548]: Connection closed by 91.197.232.107 port 47173 [preauth]
  282. Jul 26 18:27:50 ip-172-31-46-92 sshd[1550]: Invalid user service from 91.197.232.107
  283. Jul 26 18:27:50 ip-172-31-46-92 sshd[1550]: input_userauth_request: invalid user service [preauth]
  284. Jul 26 18:27:56 ip-172-31-46-92 sshd[1550]: Connection closed by 91.197.232.107 port 33446 [preauth]
  285. Jul 26 18:28:03 ip-172-31-46-92 sshd[1552]: Connection closed by 91.197.232.107 port 44837 [preauth]
  286. Jul 26 18:28:08 ip-172-31-46-92 sshd[1554]: Invalid user support from 91.197.232.107
  287. Jul 26 18:28:08 ip-172-31-46-92 sshd[1554]: input_userauth_request: invalid user support [preauth]
  288. Jul 26 18:28:08 ip-172-31-46-92 sshd[1554]: Connection closed by 91.197.232.107 port 54265 [preauth]
  289. Jul 26 18:28:17 ip-172-31-46-92 sshd[1556]: Invalid user sysadmin from 91.197.232.107
  290. Jul 26 18:28:17 ip-172-31-46-92 sshd[1556]: input_userauth_request: invalid user sysadmin [preauth]
  291. Jul 26 18:28:17 ip-172-31-46-92 sshd[1556]: Connection closed by 91.197.232.107 port 37494 [preauth]
  292. Jul 26 18:28:26 ip-172-31-46-92 sshd[1558]: Invalid user telecomadmin from 91.197.232.107
  293. Jul 26 18:28:26 ip-172-31-46-92 sshd[1558]: input_userauth_request: invalid user telecomadmin [preauth]
  294. Jul 26 18:28:26 ip-172-31-46-92 sshd[1558]: Connection closed by 91.197.232.107 port 47241 [preauth]
  295. Jul 26 18:28:31 ip-172-31-46-92 sshd[1560]: Invalid user telnet from 91.197.232.107
  296. Jul 26 18:28:31 ip-172-31-46-92 sshd[1560]: input_userauth_request: invalid user telnet [preauth]
  297. Jul 26 18:28:31 ip-172-31-46-92 sshd[1560]: Connection closed by 91.197.232.107 port 58893 [preauth]
  298. Jul 26 18:28:34 ip-172-31-46-92 sshd[1562]: Invalid user test from 91.197.232.107
  299. Jul 26 18:28:34 ip-172-31-46-92 sshd[1562]: input_userauth_request: invalid user test [preauth]
  300. Jul 26 18:28:34 ip-172-31-46-92 sshd[1562]: Connection closed by 91.197.232.107 port 48519 [preauth]
  301. Jul 26 18:28:38 ip-172-31-46-92 sshd[1564]: Connection closed by 91.197.232.107 port 59037 [preauth]
  302. Jul 26 18:28:47 ip-172-31-46-92 sshd[1566]: Invalid user ubnt from 91.197.232.107
  303. Jul 26 18:28:47 ip-172-31-46-92 sshd[1566]: input_userauth_request: invalid user ubnt [preauth]
  304. Jul 26 18:28:47 ip-172-31-46-92 sshd[1566]: Connection closed by 91.197.232.107 port 52945 [preauth]
  305. Jul 26 18:28:59 ip-172-31-46-92 sshd[1568]: Invalid user user from 91.197.232.107
  306. Jul 26 18:28:59 ip-172-31-46-92 sshd[1568]: input_userauth_request: invalid user user [preauth]
  307. Jul 26 18:29:00 ip-172-31-46-92 sshd[1568]: Connection closed by 91.197.232.107 port 59453 [preauth]
  308. Jul 26 18:29:17 ip-172-31-46-92 sshd[1570]: Invalid user user1 from 91.197.232.107
  309. Jul 26 18:29:17 ip-172-31-46-92 sshd[1570]: input_userauth_request: invalid user user1 [preauth]
  310. Jul 26 18:29:17 ip-172-31-46-92 sshd[1570]: Connection closed by 91.197.232.107 port 53629 [preauth]
  311. Jul 26 18:29:21 ip-172-31-46-92 sshd[1572]: Connection closed by 91.197.232.107 port 36000 [preauth]
  312. Jul 26 19:17:01 ip-172-31-46-92 CRON[1598]: pam_unix(cron:session): session opened for user root by (uid=0)
  313. Jul 26 19:17:01 ip-172-31-46-92 CRON[1598]: pam_unix(cron:session): session closed for user root
  314. Jul 26 19:38:28 ip-172-31-46-92 sshd[1601]: error: maximum authentication attempts exceeded for root from 36.155.7.4 port 38171 ssh2 [preauth]
  315. Jul 26 19:38:28 ip-172-31-46-92 sshd[1601]: Disconnecting: Too many authentication failures [preauth]
  316. Jul 26 20:17:01 ip-172-31-46-92 CRON[1627]: pam_unix(cron:session): session opened for user root by (uid=0)
  317. Jul 26 20:17:01 ip-172-31-46-92 CRON[1627]: pam_unix(cron:session): session closed for user root
  318. Jul 26 21:17:01 ip-172-31-46-92 CRON[1725]: pam_unix(cron:session): session opened for user root by (uid=0)
  319. Jul 26 21:17:01 ip-172-31-46-92 CRON[1725]: pam_unix(cron:session): session closed for user root
  320. Jul 26 21:21:58 ip-172-31-46-92 sshd[1740]: Bad protocol version identification ''

Reply to "auth_log"