Untitled

a guest
Apr 29th, 2019
  1. Apr 29 06:26:18 NGC1977 CRON[38593]: pam_unix(cron:session): session closed for user root
  2. Apr 29 06:39:01 NGC1977 CRON[40843]: pam_unix(cron:session): session opened for user root by (uid=0)
  3. Apr 29 06:39:01 NGC1977 CRON[40843]: pam_unix(cron:session): session closed for user root
  4. Apr 29 06:41:48 NGC1977 sshd[41448]: Accepted password for tefat from 192.168.5.10 port 40200 ssh2
  5. Apr 29 06:41:48 NGC1977 sshd[41448]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  6. Apr 29 06:41:48 NGC1977 systemd-logind[738]: New session 33 of user tefat.
  7. Apr 29 06:41:48 NGC1977 sshd[41448]: pam_unix(sshd:session): session closed for user tefat
  8. Apr 29 06:41:48 NGC1977 systemd-logind[738]: Removed session 33.
  9. Apr 29 06:41:50 NGC1977 sshd[41463]: Accepted password for tefat from 192.168.5.10 port 40202 ssh2
  10. Apr 29 06:41:50 NGC1977 sshd[41463]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  11. Apr 29 06:41:50 NGC1977 systemd-logind[738]: New session 34 of user tefat.
  12. Apr 29 06:41:50 NGC1977 sshd[41463]: pam_unix(sshd:session): session closed for user tefat
  13. Apr 29 06:41:50 NGC1977 systemd-logind[738]: Removed session 34.
  14. Apr 29 06:41:51 NGC1977 sshd[41474]: Accepted password for tefat from 192.168.5.10 port 40204 ssh2
  15. Apr 29 06:41:51 NGC1977 sshd[41474]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  16. Apr 29 06:41:51 NGC1977 systemd-logind[738]: New session 35 of user tefat.
  17. Apr 29 06:41:51 NGC1977 sshd[41474]: pam_unix(sshd:session): session closed for user tefat
  18. Apr 29 06:41:51 NGC1977 systemd-logind[738]: Removed session 35.
  19. Apr 29 06:41:53 NGC1977 sshd[41485]: Accepted password for tefat from 192.168.5.10 port 40206 ssh2
  20. Apr 29 06:41:53 NGC1977 sshd[41485]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  21. Apr 29 06:41:53 NGC1977 systemd-logind[738]: New session 36 of user tefat.
  22. Apr 29 06:41:53 NGC1977 sshd[41485]: pam_unix(sshd:session): session closed for user tefat
  23. Apr 29 06:41:53 NGC1977 systemd-logind[738]: Removed session 36.
  24. Apr 29 06:42:39 NGC1977 sshd[41617]: Accepted password for tefat from 192.168.5.10 port 40232 ssh2
  25. Apr 29 06:42:39 NGC1977 sshd[41617]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  26. Apr 29 06:42:39 NGC1977 systemd-logind[738]: New session 37 of user tefat.
  27. Apr 29 06:42:39 NGC1977 sshd[41617]: pam_unix(sshd:session): session closed for user tefat
  28. Apr 29 06:42:39 NGC1977 systemd-logind[738]: Removed session 37.
  29. Apr 29 07:00:01 NGC1977 CRON[44264]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  30. Apr 29 07:00:01 NGC1977 CRON[44265]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  31. Apr 29 07:00:01 NGC1977 CRON[44266]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  32. Apr 29 07:00:01 NGC1977 CRON[44264]: pam_unix(cron:session): session closed for user tefat
  33. Apr 29 07:00:01 NGC1977 CRON[44265]: pam_unix(cron:session): session closed for user tefat
  34. Apr 29 07:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  35. Apr 29 07:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  36. Apr 29 07:00:01 NGC1977 CRON[44266]: pam_unix(cron:session): session closed for user tefat
  37. Apr 29 07:09:01 NGC1977 CRON[45594]: pam_unix(cron:session): session opened for user root by (uid=0)
  38. Apr 29 07:09:01 NGC1977 CRON[45594]: pam_unix(cron:session): session closed for user root
  39. Apr 29 07:17:01 NGC1977 CRON[46784]: pam_unix(cron:session): session opened for user root by (uid=0)
  40. Apr 29 07:17:01 NGC1977 CRON[46784]: pam_unix(cron:session): session closed for user root
  41. Apr 29 07:39:01 NGC1977 CRON[50008]: pam_unix(cron:session): session opened for user root by (uid=0)
  42. Apr 29 07:39:01 NGC1977 CRON[50008]: pam_unix(cron:session): session closed for user root
  43. Apr 29 08:00:01 NGC1977 CRON[53298]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  44. Apr 29 08:00:01 NGC1977 CRON[53300]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  45. Apr 29 08:00:01 NGC1977 CRON[53299]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  46. Apr 29 08:00:01 NGC1977 CRON[53298]: pam_unix(cron:session): session closed for user tefat
  47. Apr 29 08:00:01 NGC1977 CRON[53299]: pam_unix(cron:session): session closed for user tefat
  48. Apr 29 08:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  49. Apr 29 08:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  50. Apr 29 08:00:01 NGC1977 CRON[53300]: pam_unix(cron:session): session closed for user tefat
  51. Apr 29 08:09:01 NGC1977 CRON[54628]: pam_unix(cron:session): session opened for user root by (uid=0)
  52. Apr 29 08:09:01 NGC1977 CRON[54628]: pam_unix(cron:session): session closed for user root
  53. Apr 29 08:17:01 NGC1977 CRON[55839]: pam_unix(cron:session): session opened for user root by (uid=0)
  54. Apr 29 08:17:01 NGC1977 CRON[55839]: pam_unix(cron:session): session closed for user root
  55. Apr 29 08:39:01 NGC1977 CRON[59072]: pam_unix(cron:session): session opened for user root by (uid=0)
  56. Apr 29 08:39:01 NGC1977 CRON[59072]: pam_unix(cron:session): session closed for user root
  57. Apr 29 09:00:01 NGC1977 CRON[62383]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  58. Apr 29 09:00:01 NGC1977 CRON[62382]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  59. Apr 29 09:00:01 NGC1977 CRON[62384]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  60. Apr 29 09:00:01 NGC1977 CRON[62383]: pam_unix(cron:session): session closed for user tefat
  61. Apr 29 09:00:01 NGC1977 CRON[62382]: pam_unix(cron:session): session closed for user tefat
  62. Apr 29 09:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  63. Apr 29 09:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  64. Apr 29 09:00:02 NGC1977 CRON[62384]: pam_unix(cron:session): session closed for user tefat
  65. Apr 29 09:09:01 NGC1977 CRON[63715]: pam_unix(cron:session): session opened for user root by (uid=0)
  66. Apr 29 09:09:01 NGC1977 CRON[63715]: pam_unix(cron:session): session closed for user root
  67. Apr 29 09:17:01 NGC1977 CRON[64930]: pam_unix(cron:session): session opened for user root by (uid=0)
  68. Apr 29 09:17:01 NGC1977 CRON[64930]: pam_unix(cron:session): session closed for user root
  69. Apr 29 09:39:01 NGC1977 CRON[2965]: pam_unix(cron:session): session opened for user root by (uid=0)
  70. Apr 29 09:39:01 NGC1977 CRON[2965]: pam_unix(cron:session): session closed for user root
  71. Apr 29 10:00:01 NGC1977 CRON[6282]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  72. Apr 29 10:00:01 NGC1977 CRON[6284]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  73. Apr 29 10:00:01 NGC1977 CRON[6283]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  74. Apr 29 10:00:01 NGC1977 CRON[6283]: pam_unix(cron:session): session closed for user tefat
  75. Apr 29 10:00:01 NGC1977 CRON[6282]: pam_unix(cron:session): session closed for user tefat
  76. Apr 29 10:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  77. Apr 29 10:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  78. Apr 29 10:00:01 NGC1977 CRON[6284]: pam_unix(cron:session): session closed for user tefat
  79. Apr 29 10:09:01 NGC1977 CRON[7654]: pam_unix(cron:session): session opened for user root by (uid=0)
  80. Apr 29 10:09:01 NGC1977 CRON[7654]: pam_unix(cron:session): session closed for user root
  81. Apr 29 10:17:01 NGC1977 CRON[8973]: pam_unix(cron:session): session opened for user root by (uid=0)
  82. Apr 29 10:17:01 NGC1977 CRON[8973]: pam_unix(cron:session): session closed for user root
  83. Apr 29 10:39:01 NGC1977 CRON[12226]: pam_unix(cron:session): session opened for user root by (uid=0)
  84. Apr 29 10:39:01 NGC1977 CRON[12226]: pam_unix(cron:session): session closed for user root
  85. Apr 29 11:00:01 NGC1977 CRON[15484]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  86. Apr 29 11:00:01 NGC1977 CRON[15485]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  87. Apr 29 11:00:01 NGC1977 CRON[15483]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  88. Apr 29 11:00:01 NGC1977 CRON[15483]: pam_unix(cron:session): session closed for user tefat
  89. Apr 29 11:00:01 NGC1977 CRON[15484]: pam_unix(cron:session): session closed for user tefat
  90. Apr 29 11:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  91. Apr 29 11:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  92. Apr 29 11:00:01 NGC1977 CRON[15485]: pam_unix(cron:session): session closed for user tefat
  93. Apr 29 11:09:01 NGC1977 CRON[16883]: pam_unix(cron:session): session opened for user root by (uid=0)
  94. Apr 29 11:09:01 NGC1977 CRON[16883]: pam_unix(cron:session): session closed for user root
  95. Apr 29 11:17:01 NGC1977 CRON[18082]: pam_unix(cron:session): session opened for user root by (uid=0)
  96. Apr 29 11:17:01 NGC1977 CRON[18082]: pam_unix(cron:session): session closed for user root
  97. Apr 29 11:39:01 NGC1977 CRON[21336]: pam_unix(cron:session): session opened for user root by (uid=0)
  98. Apr 29 11:39:01 NGC1977 CRON[21336]: pam_unix(cron:session): session closed for user root
  99. Apr 29 12:00:01 NGC1977 CRON[24432]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  100. Apr 29 12:00:01 NGC1977 CRON[24431]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  101. Apr 29 12:00:01 NGC1977 CRON[24433]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  102. Apr 29 12:00:01 NGC1977 CRON[24432]: pam_unix(cron:session): session closed for user tefat
  103. Apr 29 12:00:01 NGC1977 CRON[24431]: pam_unix(cron:session): session closed for user tefat
  104. Apr 29 12:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  105. Apr 29 12:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  106. Apr 29 12:00:01 NGC1977 CRON[24433]: pam_unix(cron:session): session closed for user tefat
  107. Apr 29 12:09:01 NGC1977 CRON[25962]: pam_unix(cron:session): session opened for user root by (uid=0)
  108. Apr 29 12:09:01 NGC1977 CRON[25962]: pam_unix(cron:session): session closed for user root
  109. Apr 29 12:17:01 NGC1977 CRON[27176]: pam_unix(cron:session): session opened for user root by (uid=0)
  110. Apr 29 12:17:01 NGC1977 CRON[27176]: pam_unix(cron:session): session closed for user root
  111. Apr 29 12:39:01 NGC1977 CRON[30397]: pam_unix(cron:session): session opened for user root by (uid=0)
  112. Apr 29 12:39:01 NGC1977 CRON[30397]: pam_unix(cron:session): session closed for user root
  113. Apr 29 13:00:01 NGC1977 CRON[33474]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  114. Apr 29 13:00:01 NGC1977 CRON[33476]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  115. Apr 29 13:00:01 NGC1977 CRON[33475]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  116. Apr 29 13:00:01 NGC1977 CRON[33475]: pam_unix(cron:session): session closed for user tefat
  117. Apr 29 13:00:01 NGC1977 CRON[33474]: pam_unix(cron:session): session closed for user tefat
  118. Apr 29 13:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  119. Apr 29 13:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  120. Apr 29 13:00:01 NGC1977 CRON[33476]: pam_unix(cron:session): session closed for user tefat
  121. Apr 29 13:09:01 NGC1977 CRON[34799]: pam_unix(cron:session): session opened for user root by (uid=0)
  122. Apr 29 13:09:01 NGC1977 CRON[34799]: pam_unix(cron:session): session closed for user root
  123. Apr 29 13:17:01 NGC1977 CRON[36204]: pam_unix(cron:session): session opened for user root by (uid=0)
  124. Apr 29 13:17:01 NGC1977 CRON[36204]: pam_unix(cron:session): session closed for user root
  125. Apr 29 13:39:01 NGC1977 CRON[39455]: pam_unix(cron:session): session opened for user root by (uid=0)
  126. Apr 29 13:39:01 NGC1977 CRON[39455]: pam_unix(cron:session): session closed for user root
  127. Apr 29 14:00:01 NGC1977 CRON[42551]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  128. Apr 29 14:00:01 NGC1977 CRON[42553]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  129. Apr 29 14:00:01 NGC1977 CRON[42552]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  130. Apr 29 14:00:01 NGC1977 CRON[42551]: pam_unix(cron:session): session closed for user tefat
  131. Apr 29 14:00:01 NGC1977 CRON[42552]: pam_unix(cron:session): session closed for user tefat
  132. Apr 29 14:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  133. Apr 29 14:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  134. Apr 29 14:00:01 NGC1977 CRON[42553]: pam_unix(cron:session): session closed for user tefat
  135. Apr 29 14:09:01 NGC1977 CRON[43878]: pam_unix(cron:session): session opened for user root by (uid=0)
  136. Apr 29 14:09:01 NGC1977 CRON[43878]: pam_unix(cron:session): session closed for user root
  137. Apr 29 14:17:01 NGC1977 CRON[45284]: pam_unix(cron:session): session opened for user root by (uid=0)
  138. Apr 29 14:17:01 NGC1977 CRON[45284]: pam_unix(cron:session): session closed for user root
  139. Apr 29 14:39:01 NGC1977 CRON[48514]: pam_unix(cron:session): session opened for user root by (uid=0)
  140. Apr 29 14:39:01 NGC1977 CRON[48514]: pam_unix(cron:session): session closed for user root
  141. Apr 29 14:47:26 NGC1977 sshd[49746]: Accepted publickey for tefat from 192.168.5.11 port 49756 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  142. Apr 29 14:47:26 NGC1977 sshd[49746]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  143. Apr 29 14:47:26 NGC1977 systemd-logind[738]: New session 86 of user tefat.
  144. Apr 29 14:47:26 NGC1977 sshd[49746]: pam_unix(sshd:session): session closed for user tefat
  145. Apr 29 14:47:26 NGC1977 systemd-logind[738]: Removed session 86.
  146. Apr 29 14:52:33 NGC1977 perl[50518]: pam_unix(webmin:session): session opened for user root by (uid=0)
  147. Apr 29 14:52:33 NGC1977 systemd-logind[738]: New session c2 of user root.
  148. Apr 29 14:52:33 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
  149. Apr 29 14:52:33 NGC1977 webmin[50518]: Successful login as root from 192.168.5.11
  150. Apr 29 14:52:33 NGC1977 systemd-logind[738]: Removed session c2.
  151. Apr 29 14:52:33 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user root
  152. Apr 29 14:56:36 NGC1977 login[4651]: pam_unix(login:session): session opened for user tefat by LOGIN(uid=0)
  153. Apr 29 14:56:36 NGC1977 systemd-logind[738]: New session 88 of user tefat.
  154. Apr 29 14:56:48 NGC1977 sudo: pam_unix(sudo:auth): authentication failure; logname=tefat uid=1000 euid=0 tty=/dev/tty1 ruser=tefat rhost= user=tefat
  155. Apr 29 14:56:55 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
  156. Apr 29 14:56:55 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  157. Apr 29 14:56:55 NGC1977 sshd[17519]: Received signal 15; terminating.
  158. Apr 29 14:56:55 NGC1977 sshd[57014]: Server listening on 0.0.0.0 port 666.
  159. Apr 29 14:56:55 NGC1977 sshd[57014]: Server listening on :: port 666.
  160. Apr 29 14:56:55 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  161. Apr 29 14:57:00 NGC1977 sshd[57135]: Accepted publickey for tefat from 192.168.5.11 port 50766 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  162. Apr 29 14:57:00 NGC1977 sshd[57135]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  163. Apr 29 14:57:00 NGC1977 systemd-logind[738]: New session 89 of user tefat.
  164. Apr 29 14:57:00 NGC1977 sshd[57135]: pam_unix(sshd:session): session closed for user tefat
  165. Apr 29 14:57:00 NGC1977 systemd-logind[738]: Removed session 89.
  166. Apr 29 14:57:08 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
  167. Apr 29 14:57:08 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  168. Apr 29 14:57:19 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  169. Apr 29 14:57:29 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl stop sshd.service
  170. Apr 29 14:57:29 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  171. Apr 29 14:57:29 NGC1977 sshd[57014]: Received signal 15; terminating.
  172. Apr 29 14:57:29 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  173. Apr 29 14:57:39 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl start sshd.service
  174. Apr 29 14:57:39 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  175. Apr 29 14:57:39 NGC1977 sshd[58023]: Server listening on 0.0.0.0 port 666.
  176. Apr 29 14:57:39 NGC1977 sshd[58023]: Server listening on :: port 666.
  177. Apr 29 14:57:39 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  178. Apr 29 14:57:44 NGC1977 sshd[58091]: Accepted publickey for tefat from 192.168.5.11 port 50854 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  179. Apr 29 14:57:44 NGC1977 sshd[58091]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  180. Apr 29 14:57:44 NGC1977 systemd-logind[738]: New session 90 of user tefat.
  181. Apr 29 15:00:01 NGC1977 CRON[61320]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  182. Apr 29 15:00:01 NGC1977 CRON[61319]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  183. Apr 29 15:00:01 NGC1977 CRON[61321]: pam_unix(cron:session): session opened for user tefat by (uid=0)
  184. Apr 29 15:00:01 NGC1977 CRON[61320]: pam_unix(cron:session): session closed for user tefat
  185. Apr 29 15:00:01 NGC1977 CRON[61319]: pam_unix(cron:session): session closed for user tefat
  186. Apr 29 15:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
  187. Apr 29 15:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
  188. Apr 29 15:00:01 NGC1977 CRON[61321]: pam_unix(cron:session): session closed for user tefat
  189. Apr 29 15:02:45 NGC1977 sshd[64967]: Accepted publickey for tefat from 192.168.5.11 port 51750 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  190. Apr 29 15:02:45 NGC1977 sshd[64967]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  191. Apr 29 15:02:45 NGC1977 systemd-logind[738]: New session 94 of user tefat.
  192. Apr 29 15:09:01 NGC1977 CRON[8689]: pam_unix(cron:session): session opened for user root by (uid=0)
  193. Apr 29 15:09:01 NGC1977 CRON[8689]: pam_unix(cron:session): session closed for user root
  194. Apr 29 15:15:01 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
  195. Apr 29 15:15:01 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  196. Apr 29 15:15:33 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  197. Apr 29 15:15:39 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
  198. Apr 29 15:15:39 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  199. Apr 29 15:15:39 NGC1977 sshd[58023]: Received signal 15; terminating.
  200. Apr 29 15:15:39 NGC1977 sshd[17874]: Server listening on 0.0.0.0 port 666.
  201. Apr 29 15:15:39 NGC1977 sshd[17874]: Server listening on :: port 666.
  202. Apr 29 15:15:39 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  203. Apr 29 15:16:42 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
  204. Apr 29 15:16:42 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  205. Apr 29 15:16:50 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  206. Apr 29 15:16:52 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
  207. Apr 29 15:16:52 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  208. Apr 29 15:16:52 NGC1977 sshd[17874]: Received signal 15; terminating.
  209. Apr 29 15:16:52 NGC1977 sshd[19512]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
  210. Apr 29 15:16:52 NGC1977 sshd[19512]: debug1: Bind to port 666 on 0.0.0.0.
  211. Apr 29 15:16:52 NGC1977 sshd[19512]: Server listening on 0.0.0.0 port 666.
  212. Apr 29 15:16:52 NGC1977 sshd[19512]: debug1: Bind to port 666 on ::.
  213. Apr 29 15:16:52 NGC1977 sshd[19512]: Server listening on :: port 666.
  214. Apr 29 15:16:52 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  215. Apr 29 15:16:53 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
  216. Apr 29 15:16:53 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  217. Apr 29 15:17:01 NGC1977 CRON[19723]: pam_unix(cron:session): session opened for user root by (uid=0)
  218. Apr 29 15:17:01 NGC1977 CRON[19723]: pam_unix(cron:session): session closed for user root
  219. Apr 29 15:17:02 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  220. Apr 29 15:17:04 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
  221. Apr 29 15:17:04 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  222. Apr 29 15:17:04 NGC1977 sshd[19512]: Received signal 15; terminating.
  223. Apr 29 15:17:04 NGC1977 sshd[19796]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
  224. Apr 29 15:17:04 NGC1977 sshd[19796]: debug1: Bind to port 666 on 0.0.0.0.
  225. Apr 29 15:17:04 NGC1977 sshd[19796]: Server listening on 0.0.0.0 port 666.
  226. Apr 29 15:17:04 NGC1977 sshd[19796]: debug1: Bind to port 666 on ::.
  227. Apr 29 15:17:04 NGC1977 sshd[19796]: Server listening on :: port 666.
  228. Apr 29 15:17:04 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  229. Apr 29 15:17:29 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat syslog
  230. Apr 29 15:17:29 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  231. Apr 29 15:17:39 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  232. Apr 29 15:17:48 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat lastlog
  233. Apr 29 15:17:48 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  234. Apr 29 15:17:49 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  235. Apr 29 15:18:28 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/nano auth.log
  236. Apr 29 15:18:28 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  237. Apr 29 15:18:52 NGC1977 sshd[19796]: debug1: Forked child 22377.
  238. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: Set /proc/self/oom_score_adj to 0
  239. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  240. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: inetd sockets after dupping: 3, 3
  241. Apr 29 15:18:52 NGC1977 sshd[22377]: Connection from 192.168.5.11 port 54651 on 192.168.5.2 port 666
  242. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
  243. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: no match: FileZilla_3.41.2
  244. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  245. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: Enabling compatibility mode for protocol 2.0
  246. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: permanently_set_uid: 106/65534 [preauth]
  247. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  248. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  249. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: SSH2_MSG_KEXINIT received [preauth]
  250. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  251. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  252. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  253. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  254. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  255. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: rekey after 4294967296 blocks [preauth]
  256. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  257. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  258. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  259. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: rekey after 4294967296 blocks [preauth]
  260. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: KEX done [preauth]
  261. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: userauth-request for user gjest service ssh-connection method none [preauth]
  262. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: attempt 0 failures 0 [preauth]
  263. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: user gjest matched group list jail at line 126
  264. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: initializing for "gjest"
  265. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  266. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: setting PAM_TTY to "ssh"
  267. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: userauth-request for user gjest service ssh-connection method password [preauth]
  268. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: attempt 1 failures 0 [preauth]
  269. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: password authentication accepted for gjest
  270. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: do_pam_account: called
  271. Apr 29 15:18:52 NGC1977 sshd[22377]: Accepted password for gjest from 192.168.5.11 port 54651 ssh2
  272. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: monitor_child_preauth: gjest has been authenticated by privileged process
  273. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: monitor_read_log: child log fd closed
  274. Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: establishing credentials
  275. Apr 29 15:18:52 NGC1977 sshd[22377]: pam_unix(sshd:session): session opened for user gjest by (uid=0)
  276. Apr 29 15:18:52 NGC1977 systemd-logind[738]: New session 97 of user gjest.
  277. Apr 29 15:18:52 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user gjest by (uid=0)
  278. Apr 29 15:18:52 NGC1977 sshd[22377]: User child is on pid 22391
  279. Apr 29 15:18:52 NGC1977 sshd[22391]: debug1: SELinux support disabled
  280. Apr 29 15:18:52 NGC1977 sshd[22391]: debug1: PAM: establishing credentials
  281. Apr 29 15:22:05 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  282. Apr 29 15:22:06 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/nano auth.log
  283. Apr 29 15:22:06 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  284. Apr 29 15:22:48 NGC1977 sshd[22377]: debug1: PAM: cleanup
  285. Apr 29 15:22:48 NGC1977 sshd[22377]: debug1: PAM: closing session
  286. Apr 29 15:22:48 NGC1977 sshd[22377]: pam_unix(sshd:session): session closed for user gjest
  287. Apr 29 15:22:48 NGC1977 sshd[22377]: debug1: PAM: deleting credentials
  288. Apr 29 15:22:48 NGC1977 systemd-logind[738]: Removed session 97.
  289. Apr 29 15:22:48 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user gjest
  290. Apr 29 15:22:50 NGC1977 sshd[19796]: debug1: Forked child 27869.
  291. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: Set /proc/self/oom_score_adj to 0
  292. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  293. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: inetd sockets after dupping: 3, 3
  294. Apr 29 15:22:50 NGC1977 sshd[27869]: Connection from 192.168.5.11 port 55456 on 192.168.5.2 port 666
  295. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
  296. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: no match: FileZilla_3.41.2
  297. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  298. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: Enabling compatibility mode for protocol 2.0
  299. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: permanently_set_uid: 106/65534 [preauth]
  300. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  301. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  302. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: SSH2_MSG_KEXINIT received [preauth]
  303. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  304. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  305. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  306. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  307. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  308. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: rekey after 4294967296 blocks [preauth]
  309. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  310. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  311. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  312. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: rekey after 4294967296 blocks [preauth]
  313. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: KEX done [preauth]
  314. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: userauth-request for user gjest service ssh-connection method none [preauth]
  315. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: attempt 0 failures 0 [preauth]
  316. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: user gjest matched group list jail at line 126
  317. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: initializing for "gjest"
  318. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  319. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: setting PAM_TTY to "ssh"
  320. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: userauth-request for user gjest service ssh-connection method password [preauth]
  321. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: attempt 1 failures 0 [preauth]
  322. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: password authentication accepted for gjest
  323. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: do_pam_account: called
  324. Apr 29 15:22:50 NGC1977 sshd[27869]: Accepted password for gjest from 192.168.5.11 port 55456 ssh2
  325. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: monitor_child_preauth: gjest has been authenticated by privileged process
  326. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: monitor_read_log: child log fd closed
  327. Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: establishing credentials
  328. Apr 29 15:22:50 NGC1977 sshd[27869]: pam_unix(sshd:session): session opened for user gjest by (uid=0)
  329. Apr 29 15:22:50 NGC1977 systemd-logind[738]: New session 99 of user gjest.
  330. Apr 29 15:22:50 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user gjest by (uid=0)
  331. Apr 29 15:22:51 NGC1977 sshd[27869]: User child is on pid 27880
  332. Apr 29 15:22:51 NGC1977 sshd[27880]: debug1: SELinux support disabled
  333. Apr 29 15:22:51 NGC1977 sshd[27880]: debug1: PAM: establishing credentials
  334. Apr 29 15:22:54 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  335. Apr 29 15:22:56 NGC1977 sshd[58091]: pam_unix(sshd:session): session closed for user tefat
  336. Apr 29 15:22:56 NGC1977 systemd-logind[738]: Removed session 90.
  337. Apr 29 15:23:01 NGC1977 sshd[64967]: pam_unix(sshd:session): session closed for user tefat
  338. Apr 29 15:23:01 NGC1977 systemd-logind[738]: Removed session 94.
  339. Apr 29 15:23:16 NGC1977 sshd[19796]: debug1: Forked child 28623.
  340. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: Set /proc/self/oom_score_adj to 0
  341. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  342. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: inetd sockets after dupping: 3, 3
  343. Apr 29 15:23:16 NGC1977 sshd[28623]: Connection from 192.168.5.11 port 55527 on 192.168.5.2 port 666
  344. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
  345. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: no match: PuTTY_Release_0.70
  346. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  347. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: Enabling compatibility mode for protocol 2.0
  348. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: permanently_set_uid: 106/65534 [preauth]
  349. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  350. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  351. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: SSH2_MSG_KEXINIT received [preauth]
  352. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  353. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  354. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  355. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  356. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  357. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: rekey after 4294967296 blocks [preauth]
  358. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  359. Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  360. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  361. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: rekey after 4294967296 blocks [preauth]
  362. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: KEX done [preauth]
  363. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
  364. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: attempt 0 failures 0 [preauth]
  365. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: user tefat matched group list jail at line 126
  366. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: initializing for "tefat"
  367. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  368. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: setting PAM_TTY to "ssh"
  369. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
  370. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: attempt 1 failures 0 [preauth]
  371. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
  372. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  373. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
  374. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: fd 4 clearing O_NONBLOCK
  375. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  376. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: restore_uid: 0/0
  377. Apr 29 15:23:17 NGC1977 sshd[28623]: Postponed publickey for tefat from 192.168.5.11 port 55527 ssh2 [preauth]
  378. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
  379. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: attempt 2 failures 0 [preauth]
  380. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  381. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
  382. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: fd 4 clearing O_NONBLOCK
  383. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  384. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: restore_uid: 0/0
  385. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: do_pam_account: called
  386. Apr 29 15:23:17 NGC1977 sshd[28623]: Accepted publickey for tefat from 192.168.5.11 port 55527 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  387. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
  388. Apr 29 15:23:17 NGC1977 systemd-logind[738]: New session 101 of user tefat.
  389. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: monitor_read_log: child log fd closed
  390. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: establishing credentials
  391. Apr 29 15:23:17 NGC1977 sshd[28623]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  392. Apr 29 15:23:17 NGC1977 sshd[28623]: User child is on pid 28631
  393. Apr 29 15:23:17 NGC1977 sshd[28631]: debug1: SELinux support disabled
  394. Apr 29 15:23:17 NGC1977 sshd[28631]: debug1: PAM: establishing credentials
  395. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: session_new: session 0
  396. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: SELinux support disabled
  397. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: session_by_tty: session 0 tty /dev/pts/0
  398. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: session_pty_cleanup: session 0 release /dev/pts/0
  399. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: cleanup
  400. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: closing session
  401. Apr 29 15:23:17 NGC1977 sshd[28623]: pam_unix(sshd:session): session closed for user tefat
  402. Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: deleting credentials
  403. Apr 29 15:23:17 NGC1977 systemd-logind[738]: Removed session 101.
  404. Apr 29 15:23:30 NGC1977 sshd[27869]: debug1: PAM: cleanup
  405. Apr 29 15:23:30 NGC1977 sshd[27869]: debug1: PAM: closing session
  406. Apr 29 15:23:30 NGC1977 sshd[27869]: pam_unix(sshd:session): session closed for user gjest
  407. Apr 29 15:23:30 NGC1977 sshd[27869]: debug1: PAM: deleting credentials
  408. Apr 29 15:23:30 NGC1977 systemd-logind[738]: Removed session 99.
  409. Apr 29 15:23:30 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user gjest
  410. Apr 29 15:23:33 NGC1977 sshd[19796]: debug1: Forked child 29020.
  411. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: Set /proc/self/oom_score_adj to 0
  412. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  413. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: inetd sockets after dupping: 3, 3
  414. Apr 29 15:23:33 NGC1977 sshd[29020]: Connection from 192.168.5.11 port 55543 on 192.168.5.2 port 666
  415. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
  416. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: no match: FileZilla_3.41.2
  417. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  418. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: Enabling compatibility mode for protocol 2.0
  419. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: permanently_set_uid: 106/65534 [preauth]
  420. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  421. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  422. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: SSH2_MSG_KEXINIT received [preauth]
  423. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  424. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  425. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  426. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  427. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  428. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: rekey after 4294967296 blocks [preauth]
  429. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  430. Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  431. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  432. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: rekey after 4294967296 blocks [preauth]
  433. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: KEX done [preauth]
  434. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: userauth-request for user gjest service ssh-connection method none [preauth]
  435. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: attempt 0 failures 0 [preauth]
  436. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: user gjest matched group list jail at line 126
  437. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: initializing for "gjest"
  438. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  439. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: setting PAM_TTY to "ssh"
  440. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: userauth-request for user gjest service ssh-connection method password [preauth]
  441. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: attempt 1 failures 0 [preauth]
  442. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: password authentication accepted for gjest
  443. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: do_pam_account: called
  444. Apr 29 15:23:34 NGC1977 sshd[29020]: Accepted password for gjest from 192.168.5.11 port 55543 ssh2
  445. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: monitor_child_preauth: gjest has been authenticated by privileged process
  446. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: monitor_read_log: child log fd closed
  447. Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: establishing credentials
  448. Apr 29 15:23:34 NGC1977 sshd[29020]: pam_unix(sshd:session): session opened for user gjest by (uid=0)
  449. Apr 29 15:23:34 NGC1977 systemd-logind[738]: New session 102 of user gjest.
  450. Apr 29 15:23:34 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user gjest by (uid=0)
  451. Apr 29 15:23:34 NGC1977 sshd[29020]: User child is on pid 29041
  452. Apr 29 15:23:34 NGC1977 sshd[29041]: debug1: SELinux support disabled
  453. Apr 29 15:23:34 NGC1977 sshd[29041]: debug1: PAM: establishing credentials
  454. Apr 29 15:23:53 NGC1977 sshd[29020]: debug1: PAM: cleanup
  455. Apr 29 15:23:53 NGC1977 sshd[29020]: debug1: PAM: closing session
  456. Apr 29 15:23:53 NGC1977 sshd[29020]: pam_unix(sshd:session): session closed for user gjest
  457. Apr 29 15:23:53 NGC1977 sshd[29020]: debug1: PAM: deleting credentials
  458. Apr 29 15:23:53 NGC1977 systemd-logind[738]: Removed session 102.
  459. Apr 29 15:23:53 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user gjest
  460. Apr 29 15:24:14 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /var/log/auth.log
  461. Apr 29 15:24:14 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  462. Apr 29 15:25:13 NGC1977 sshd[19796]: debug1: Forked child 31227.
  463. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: Set /proc/self/oom_score_adj to 0
  464. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  465. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: inetd sockets after dupping: 3, 3
  466. Apr 29 15:25:13 NGC1977 sshd[31227]: Connection from 192.168.5.11 port 55850 on 192.168.5.2 port 666
  467. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
  468. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: no match: FileZilla_3.41.2
  469. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  470. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: Enabling compatibility mode for protocol 2.0
  471. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: permanently_set_uid: 106/65534 [preauth]
  472. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  473. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  474. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: SSH2_MSG_KEXINIT received [preauth]
  475. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  476. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  477. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  478. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  479. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  480. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: rekey after 4294967296 blocks [preauth]
  481. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  482. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  483. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  484. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: rekey after 4294967296 blocks [preauth]
  485. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: KEX done [preauth]
  486. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
  487. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: attempt 0 failures 0 [preauth]
  488. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: user tefat matched group list jail at line 126
  489. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: PAM: initializing for "tefat"
  490. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  491. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: PAM: setting PAM_TTY to "ssh"
  492. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: userauth-request for user tefat service ssh-connection method password [preauth]
  493. Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: attempt 1 failures 0 [preauth]
  494. Apr 29 15:25:13 NGC1977 sshd[31227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.5.11 user=tefat
  495. Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: PAM: password authentication failed for tefat: Authentication failure
  496. Apr 29 15:25:15 NGC1977 sshd[31227]: Failed password for tefat from 192.168.5.11 port 55850 ssh2
  497. Apr 29 15:25:15 NGC1977 sshd[31227]: error: Received disconnect from 192.168.5.11 port 55850:13: Unable to authenticate [preauth]
  498. Apr 29 15:25:15 NGC1977 sshd[31227]: Disconnected from 192.168.5.11 port 55850 [preauth]
  499. Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: do_cleanup [preauth]
  500. Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: monitor_read_log: child log fd closed
  501. Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: do_cleanup
  502. Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: PAM: cleanup
  503. Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: Killing privsep child 31228
  504. Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: audit_event: unhandled event 12
  505. Apr 29 15:25:30 NGC1977 sshd[19796]: debug1: Forked child 31683.
  506. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: Set /proc/self/oom_score_adj to 0
  507. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  508. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: inetd sockets after dupping: 3, 3
  509. Apr 29 15:25:30 NGC1977 sshd[31683]: Connection from 192.168.5.11 port 55908 on 192.168.5.2 port 666
  510. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
  511. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: no match: FileZilla_3.41.2
  512. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  513. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: Enabling compatibility mode for protocol 2.0
  514. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: permanently_set_uid: 106/65534 [preauth]
  515. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  516. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  517. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: SSH2_MSG_KEXINIT received [preauth]
  518. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  519. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  520. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  521. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
  522. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  523. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: rekey after 4294967296 blocks [preauth]
  524. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  525. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  526. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  527. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: rekey after 4294967296 blocks [preauth]
  528. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: KEX done [preauth]
  529. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
  530. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: attempt 0 failures 0 [preauth]
  531. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: user tefat matched group list jail at line 126
  532. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: initializing for "tefat"
  533. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  534. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: setting PAM_TTY to "ssh"
  535. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: userauth-request for user tefat service ssh-connection method password [preauth]
  536. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: attempt 1 failures 0 [preauth]
  537. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: password authentication accepted for tefat
  538. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: do_pam_account: called
  539. Apr 29 15:25:30 NGC1977 sshd[31683]: Accepted password for tefat from 192.168.5.11 port 55908 ssh2
  540. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
  541. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: monitor_read_log: child log fd closed
  542. Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: establishing credentials
  543. Apr 29 15:25:30 NGC1977 sshd[31683]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  544. Apr 29 15:25:30 NGC1977 systemd-logind[738]: New session 104 of user tefat.
  545. Apr 29 15:25:30 NGC1977 sshd[31683]: User child is on pid 31690
  546. Apr 29 15:25:30 NGC1977 sshd[31690]: debug1: SELinux support disabled
  547. Apr 29 15:25:30 NGC1977 sshd[31690]: debug1: PAM: establishing credentials
  548. Apr 29 15:25:45 NGC1977 sshd[19796]: debug1: Forked child 32017.
  549. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: Set /proc/self/oom_score_adj to 0
  550. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  551. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: inetd sockets after dupping: 3, 3
  552. Apr 29 15:25:45 NGC1977 sshd[32017]: Connection from 192.168.5.11 port 55967 on 192.168.5.2 port 666
  553. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
  554. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: no match: PuTTY_Release_0.70
  555. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  556. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: Enabling compatibility mode for protocol 2.0
  557. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: permanently_set_uid: 106/65534 [preauth]
  558. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  559. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  560. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: SSH2_MSG_KEXINIT received [preauth]
  561. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  562. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  563. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  564. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  565. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  566. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: rekey after 4294967296 blocks [preauth]
  567. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  568. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  569. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  570. Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: rekey after 4294967296 blocks [preauth]
  571. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: KEX done [preauth]
  572. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
  573. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: attempt 0 failures 0 [preauth]
  574. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: user tefat matched group list jail at line 126
  575. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: initializing for "tefat"
  576. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  577. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: setting PAM_TTY to "ssh"
  578. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
  579. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: attempt 1 failures 0 [preauth]
  580. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
  581. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  582. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
  583. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: fd 4 clearing O_NONBLOCK
  584. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  585. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: restore_uid: 0/0
  586. Apr 29 15:25:46 NGC1977 sshd[32017]: Postponed publickey for tefat from 192.168.5.11 port 55967 ssh2 [preauth]
  587. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
  588. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: attempt 2 failures 0 [preauth]
  589. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  590. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
  591. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: fd 4 clearing O_NONBLOCK
  592. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  593. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: restore_uid: 0/0
  594. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: do_pam_account: called
  595. Apr 29 15:25:46 NGC1977 sshd[32017]: Accepted publickey for tefat from 192.168.5.11 port 55967 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  596. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
  597. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: monitor_read_log: child log fd closed
  598. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: establishing credentials
  599. Apr 29 15:25:46 NGC1977 sshd[32017]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  600. Apr 29 15:25:46 NGC1977 systemd-logind[738]: New session 105 of user tefat.
  601. Apr 29 15:25:46 NGC1977 sshd[32017]: User child is on pid 32028
  602. Apr 29 15:25:46 NGC1977 sshd[32028]: debug1: SELinux support disabled
  603. Apr 29 15:25:46 NGC1977 sshd[32028]: debug1: PAM: establishing credentials
  604. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: session_new: session 0
  605. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: SELinux support disabled
  606. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: session_by_tty: session 0 tty /dev/pts/0
  607. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: session_pty_cleanup: session 0 release /dev/pts/0
  608. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: cleanup
  609. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: closing session
  610. Apr 29 15:25:46 NGC1977 sshd[32017]: pam_unix(sshd:session): session closed for user tefat
  611. Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: deleting credentials
  612. Apr 29 15:25:46 NGC1977 systemd-logind[738]: Removed session 105.
  613. Apr 29 15:26:38 NGC1977 sshd[19796]: debug1: Forked child 33263.
  614. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Set /proc/self/oom_score_adj to 0
  615. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  616. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: inetd sockets after dupping: 3, 3
  617. Apr 29 15:26:38 NGC1977 sshd[33263]: Connection from 192.168.5.11 port 56101 on 192.168.5.2 port 666
  618. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
  619. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: no match: PuTTY_Release_0.70
  620. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  621. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Enabling compatibility mode for protocol 2.0
  622. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: permanently_set_uid: 106/65534 [preauth]
  623. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  624. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  625. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: SSH2_MSG_KEXINIT received [preauth]
  626. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  627. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  628. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  629. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  630. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  631. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: rekey after 4294967296 blocks [preauth]
  632. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  633. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  634. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  635. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: rekey after 4294967296 blocks [preauth]
  636. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: KEX done [preauth]
  637. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: userauth-request for user gjest service ssh-connection method none [preauth]
  638. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: attempt 0 failures 0 [preauth]
  639. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: user gjest matched group list jail at line 126
  640. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: PAM: initializing for "gjest"
  641. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  642. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: PAM: setting PAM_TTY to "ssh"
  643. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: userauth-request for user gjest service ssh-connection method publickey [preauth]
  644. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: attempt 1 failures 0 [preauth]
  645. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
  646. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: temporarily_use_uid: 1001/1002 (e=0/0)
  647. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: trying public key file /home/jail//.ssh/authorized_keys
  648. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Could not open authorized keys '/home/jail//.ssh/authorized_keys': No such file or directory
  649. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: restore_uid: 0/0
  650. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: temporarily_use_uid: 1001/1002 (e=0/0)
  651. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: trying public key file /home/jail//.ssh/authorized_keys2
  652. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Could not open authorized keys '/home/jail//.ssh/authorized_keys2': No such file or directory
  653. Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: restore_uid: 0/0
  654. Apr 29 15:26:38 NGC1977 sshd[33263]: Failed publickey for gjest from 192.168.5.11 port 56101 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  655. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: userauth-request for user gjest service ssh-connection method password [preauth]
  656. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: attempt 2 failures 1 [preauth]
  657. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: password authentication accepted for gjest
  658. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: do_pam_account: called
  659. Apr 29 15:26:51 NGC1977 sshd[33263]: Accepted password for gjest from 192.168.5.11 port 56101 ssh2
  660. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: monitor_child_preauth: gjest has been authenticated by privileged process
  661. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: monitor_read_log: child log fd closed
  662. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: establishing credentials
  663. Apr 29 15:26:51 NGC1977 sshd[33263]: pam_unix(sshd:session): session opened for user gjest by (uid=0)
  664. Apr 29 15:26:51 NGC1977 systemd-logind[738]: New session 106 of user gjest.
  665. Apr 29 15:26:51 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user gjest by (uid=0)
  666. Apr 29 15:26:51 NGC1977 sshd[33263]: User child is on pid 33475
  667. Apr 29 15:26:51 NGC1977 sshd[33475]: debug1: SELinux support disabled
  668. Apr 29 15:26:51 NGC1977 sshd[33475]: debug1: PAM: establishing credentials
  669. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: session_new: session 0
  670. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: SELinux support disabled
  671. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: session_by_tty: session 0 tty /dev/pts/0
  672. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: session_pty_cleanup: session 0 release /dev/pts/0
  673. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: cleanup
  674. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: closing session
  675. Apr 29 15:26:51 NGC1977 sshd[33263]: pam_unix(sshd:session): session closed for user gjest
  676. Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: deleting credentials
  677. Apr 29 15:26:51 NGC1977 systemd-logind[738]: Removed session 106.
  678. Apr 29 15:26:51 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user gjest
  679. Apr 29 15:28:16 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  680. Apr 29 15:28:22 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
  681. Apr 29 15:28:22 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  682. Apr 29 15:28:22 NGC1977 sshd[19796]: Received signal 15; terminating.
  683. Apr 29 15:28:22 NGC1977 sshd[35628]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
  684. Apr 29 15:28:22 NGC1977 sshd[35628]: debug1: Bind to port 666 on 0.0.0.0.
  685. Apr 29 15:28:22 NGC1977 sshd[35628]: Server listening on 0.0.0.0 port 666.
  686. Apr 29 15:28:22 NGC1977 sshd[35628]: debug1: Bind to port 666 on ::.
  687. Apr 29 15:28:22 NGC1977 sshd[35628]: Server listening on :: port 666.
  688. Apr 29 15:28:22 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  689. Apr 29 15:28:26 NGC1977 sshd[35628]: debug1: Forked child 35696.
  690. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: Set /proc/self/oom_score_adj to 0
  691. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  692. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: inetd sockets after dupping: 3, 3
  693. Apr 29 15:28:26 NGC1977 sshd[35696]: Connection from 192.168.5.11 port 56459 on 192.168.5.2 port 666
  694. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
  695. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: no match: PuTTY_Release_0.70
  696. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  697. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: Enabling compatibility mode for protocol 2.0
  698. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: permanently_set_uid: 106/65534 [preauth]
  699. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  700. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  701. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: SSH2_MSG_KEXINIT received [preauth]
  702. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  703. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  704. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  705. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  706. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  707. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: rekey after 4294967296 blocks [preauth]
  708. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  709. Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  710. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  711. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: rekey after 4294967296 blocks [preauth]
  712. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: KEX done [preauth]
  713. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
  714. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: attempt 0 failures 0 [preauth]
  715. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: user tefat matched group list jail at line 126
  716. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: initializing for "tefat"
  717. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  718. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: setting PAM_TTY to "ssh"
  719. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
  720. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: attempt 1 failures 0 [preauth]
  721. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
  722. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  723. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
  724. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: fd 4 clearing O_NONBLOCK
  725. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  726. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: restore_uid: 0/0
  727. Apr 29 15:28:27 NGC1977 sshd[35696]: Postponed publickey for tefat from 192.168.5.11 port 56459 ssh2 [preauth]
  728. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
  729. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: attempt 2 failures 0 [preauth]
  730. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  731. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
  732. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: fd 4 clearing O_NONBLOCK
  733. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  734. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: restore_uid: 0/0
  735. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: do_pam_account: called
  736. Apr 29 15:28:27 NGC1977 sshd[35696]: Accepted publickey for tefat from 192.168.5.11 port 56459 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  737. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
  738. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: monitor_read_log: child log fd closed
  739. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: establishing credentials
  740. Apr 29 15:28:27 NGC1977 sshd[35696]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  741. Apr 29 15:28:27 NGC1977 systemd-logind[738]: New session 108 of user tefat.
  742. Apr 29 15:28:27 NGC1977 sshd[35696]: User child is on pid 35704
  743. Apr 29 15:28:27 NGC1977 sshd[35704]: debug1: SELinux support disabled
  744. Apr 29 15:28:27 NGC1977 sshd[35704]: debug1: PAM: establishing credentials
  745. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: session_new: session 0
  746. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: SELinux support disabled
  747. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: session_by_tty: session 0 tty /dev/pts/0
  748. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: session_pty_cleanup: session 0 release /dev/pts/0
  749. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: cleanup
  750. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: closing session
  751. Apr 29 15:28:27 NGC1977 sshd[35696]: pam_unix(sshd:session): session closed for user tefat
  752. Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: deleting credentials
  753. Apr 29 15:28:27 NGC1977 systemd-logind[738]: Removed session 108.
  754. Apr 29 15:28:47 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
  755. Apr 29 15:28:47 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  756. Apr 29 15:28:58 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  757. Apr 29 15:29:00 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
  758. Apr 29 15:29:00 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  759. Apr 29 15:29:00 NGC1977 sshd[35628]: Received signal 15; terminating.
  760. Apr 29 15:29:00 NGC1977 sshd[36442]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
  761. Apr 29 15:29:00 NGC1977 sshd[36442]: debug1: Bind to port 666 on 0.0.0.0.
  762. Apr 29 15:29:00 NGC1977 sshd[36442]: Server listening on 0.0.0.0 port 666.
  763. Apr 29 15:29:00 NGC1977 sshd[36442]: debug1: Bind to port 666 on ::.
  764. Apr 29 15:29:00 NGC1977 sshd[36442]: Server listening on :: port 666.
  765. Apr 29 15:29:00 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  766. Apr 29 15:29:04 NGC1977 sshd[36442]: debug1: Forked child 36514.
  767. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: Set /proc/self/oom_score_adj to 0
  768. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  769. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: inetd sockets after dupping: 3, 3
  770. Apr 29 15:29:04 NGC1977 sshd[36514]: Connection from 192.168.5.11 port 56541 on 192.168.5.2 port 666
  771. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
  772. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: no match: PuTTY_Release_0.70
  773. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
  774. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: Enabling compatibility mode for protocol 2.0
  775. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: permanently_set_uid: 106/65534 [preauth]
  776. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  777. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  778. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: SSH2_MSG_KEXINIT received [preauth]
  779. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
  780. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
  781. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  782. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
  783. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
  784. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: rekey after 4294967296 blocks [preauth]
  785. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
  786. Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
  787. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: SSH2_MSG_NEWKEYS received [preauth]
  788. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: rekey after 4294967296 blocks [preauth]
  789. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: KEX done [preauth]
  790. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
  791. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: attempt 0 failures 0 [preauth]
  792. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: PAM: initializing for "tefat"
  793. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
  794. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: PAM: setting PAM_TTY to "ssh"
  795. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
  796. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: attempt 1 failures 0 [preauth]
  797. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
  798. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  799. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
  800. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: fd 4 clearing O_NONBLOCK
  801. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  802. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: restore_uid: 0/0
  803. Apr 29 15:29:05 NGC1977 sshd[36514]: Postponed publickey for tefat from 192.168.5.11 port 56541 ssh2 [preauth]
  804. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
  805. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: attempt 2 failures 0 [preauth]
  806. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
  807. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
  808. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: fd 4 clearing O_NONBLOCK
  809. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  810. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: restore_uid: 0/0
  811. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: do_pam_account: called
  812. Apr 29 15:29:05 NGC1977 sshd[36514]: Accepted publickey for tefat from 192.168.5.11 port 56541 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
  813. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
  814. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: monitor_read_log: child log fd closed
  815. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: PAM: establishing credentials
  816. Apr 29 15:29:05 NGC1977 sshd[36514]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
  817. Apr 29 15:29:05 NGC1977 systemd-logind[738]: New session 109 of user tefat.
  818. Apr 29 15:29:05 NGC1977 sshd[36514]: User child is on pid 36522
  819. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: SELinux support disabled
  820. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: PAM: establishing credentials
  821. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: permanently_set_uid: 1000/1000
  822. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: rekey after 4294967296 blocks
  823. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: rekey after 4294967296 blocks
  824. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: ssh_packet_set_postauth: called
  825. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: Entering interactive session for SSH2.
  826. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_init_dispatch
  827. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
  828. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: input_session_request
  829. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: channel 0: new [server-session]
  830. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_new: session 0
  831. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_open: channel 0
  832. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_open: session 0: link with channel 0
  833. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_input_channel_open: confirm session
  834. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
  835. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  836. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req pty-req
  837. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: Allocating pty.
  838. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: session_new: session 0
  839. Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: SELinux support disabled
  840. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_pty_req: session 0 alloc /dev/pts/0
  841. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request shell reply 1
  842. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  843. Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req shell
  844. Apr 29 15:29:05 NGC1977 sshd[36522]: Starting session: shell on pts/0 for tefat from 192.168.5.11 port 56541 id 0
  845. Apr 29 15:29:05 NGC1977 sshd[36523]: debug1: Setting controlling tty using TIOCSCTTY.
  846. Apr 29 15:29:13 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request window-change reply 0
  847. Apr 29 15:29:13 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  848. Apr 29 15:29:13 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req window-change
  849. Apr 29 15:29:53 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /var/log/auth.log
  850. Apr 29 15:29:53 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
  851. Apr 29 15:29:56 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  852. Apr 29 15:29:56 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  853. Apr 29 15:29:56 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  854. Apr 29 15:29:57 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  855. Apr 29 15:29:57 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  856. Apr 29 15:29:57 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  857. Apr 29 15:29:58 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  858. Apr 29 15:29:58 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  859. Apr 29 15:29:58 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  860. Apr 29 15:30:10 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  861. Apr 29 15:30:10 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  862. Apr 29 15:30:10 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  863. Apr 29 15:30:36 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  864. Apr 29 15:30:36 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  865. Apr 29 15:30:36 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  866. Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  867. Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  868. Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  869. Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  870. Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  871. Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  872. Apr 29 15:30:38 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  873. Apr 29 15:30:38 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  874. Apr 29 15:30:38 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  875. Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  876. Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  877. Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  878. Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  879. Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  880. Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  881. Apr 29 15:30:40 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
  882. Apr 29 15:30:40 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
  883. Apr 29 15:30:40 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
  884. Apr 29 15:30:41 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
  885. Apr 29 15:30:56 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /home/tefat/tmp/
  886. Apr 29 15:30:56 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)