Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Apr 29 06:26:18 NGC1977 CRON[38593]: pam_unix(cron:session): session closed for user root
- Apr 29 06:39:01 NGC1977 CRON[40843]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 06:39:01 NGC1977 CRON[40843]: pam_unix(cron:session): session closed for user root
- Apr 29 06:41:48 NGC1977 sshd[41448]: Accepted password for tefat from 192.168.5.10 port 40200 ssh2
- Apr 29 06:41:48 NGC1977 sshd[41448]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 06:41:48 NGC1977 systemd-logind[738]: New session 33 of user tefat.
- Apr 29 06:41:48 NGC1977 sshd[41448]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 06:41:48 NGC1977 systemd-logind[738]: Removed session 33.
- Apr 29 06:41:50 NGC1977 sshd[41463]: Accepted password for tefat from 192.168.5.10 port 40202 ssh2
- Apr 29 06:41:50 NGC1977 sshd[41463]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 06:41:50 NGC1977 systemd-logind[738]: New session 34 of user tefat.
- Apr 29 06:41:50 NGC1977 sshd[41463]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 06:41:50 NGC1977 systemd-logind[738]: Removed session 34.
- Apr 29 06:41:51 NGC1977 sshd[41474]: Accepted password for tefat from 192.168.5.10 port 40204 ssh2
- Apr 29 06:41:51 NGC1977 sshd[41474]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 06:41:51 NGC1977 systemd-logind[738]: New session 35 of user tefat.
- Apr 29 06:41:51 NGC1977 sshd[41474]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 06:41:51 NGC1977 systemd-logind[738]: Removed session 35.
- Apr 29 06:41:53 NGC1977 sshd[41485]: Accepted password for tefat from 192.168.5.10 port 40206 ssh2
- Apr 29 06:41:53 NGC1977 sshd[41485]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 06:41:53 NGC1977 systemd-logind[738]: New session 36 of user tefat.
- Apr 29 06:41:53 NGC1977 sshd[41485]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 06:41:53 NGC1977 systemd-logind[738]: Removed session 36.
- Apr 29 06:42:39 NGC1977 sshd[41617]: Accepted password for tefat from 192.168.5.10 port 40232 ssh2
- Apr 29 06:42:39 NGC1977 sshd[41617]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 06:42:39 NGC1977 systemd-logind[738]: New session 37 of user tefat.
- Apr 29 06:42:39 NGC1977 sshd[41617]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 06:42:39 NGC1977 systemd-logind[738]: Removed session 37.
- Apr 29 07:00:01 NGC1977 CRON[44264]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 07:00:01 NGC1977 CRON[44265]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 07:00:01 NGC1977 CRON[44266]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 07:00:01 NGC1977 CRON[44264]: pam_unix(cron:session): session closed for user tefat
- Apr 29 07:00:01 NGC1977 CRON[44265]: pam_unix(cron:session): session closed for user tefat
- Apr 29 07:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 07:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 07:00:01 NGC1977 CRON[44266]: pam_unix(cron:session): session closed for user tefat
- Apr 29 07:09:01 NGC1977 CRON[45594]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 07:09:01 NGC1977 CRON[45594]: pam_unix(cron:session): session closed for user root
- Apr 29 07:17:01 NGC1977 CRON[46784]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 07:17:01 NGC1977 CRON[46784]: pam_unix(cron:session): session closed for user root
- Apr 29 07:39:01 NGC1977 CRON[50008]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 07:39:01 NGC1977 CRON[50008]: pam_unix(cron:session): session closed for user root
- Apr 29 08:00:01 NGC1977 CRON[53298]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 08:00:01 NGC1977 CRON[53300]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 08:00:01 NGC1977 CRON[53299]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 08:00:01 NGC1977 CRON[53298]: pam_unix(cron:session): session closed for user tefat
- Apr 29 08:00:01 NGC1977 CRON[53299]: pam_unix(cron:session): session closed for user tefat
- Apr 29 08:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 08:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 08:00:01 NGC1977 CRON[53300]: pam_unix(cron:session): session closed for user tefat
- Apr 29 08:09:01 NGC1977 CRON[54628]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 08:09:01 NGC1977 CRON[54628]: pam_unix(cron:session): session closed for user root
- Apr 29 08:17:01 NGC1977 CRON[55839]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 08:17:01 NGC1977 CRON[55839]: pam_unix(cron:session): session closed for user root
- Apr 29 08:39:01 NGC1977 CRON[59072]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 08:39:01 NGC1977 CRON[59072]: pam_unix(cron:session): session closed for user root
- Apr 29 09:00:01 NGC1977 CRON[62383]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 09:00:01 NGC1977 CRON[62382]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 09:00:01 NGC1977 CRON[62384]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 09:00:01 NGC1977 CRON[62383]: pam_unix(cron:session): session closed for user tefat
- Apr 29 09:00:01 NGC1977 CRON[62382]: pam_unix(cron:session): session closed for user tefat
- Apr 29 09:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 09:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 09:00:02 NGC1977 CRON[62384]: pam_unix(cron:session): session closed for user tefat
- Apr 29 09:09:01 NGC1977 CRON[63715]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 09:09:01 NGC1977 CRON[63715]: pam_unix(cron:session): session closed for user root
- Apr 29 09:17:01 NGC1977 CRON[64930]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 09:17:01 NGC1977 CRON[64930]: pam_unix(cron:session): session closed for user root
- Apr 29 09:39:01 NGC1977 CRON[2965]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 09:39:01 NGC1977 CRON[2965]: pam_unix(cron:session): session closed for user root
- Apr 29 10:00:01 NGC1977 CRON[6282]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 10:00:01 NGC1977 CRON[6284]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 10:00:01 NGC1977 CRON[6283]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 10:00:01 NGC1977 CRON[6283]: pam_unix(cron:session): session closed for user tefat
- Apr 29 10:00:01 NGC1977 CRON[6282]: pam_unix(cron:session): session closed for user tefat
- Apr 29 10:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 10:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 10:00:01 NGC1977 CRON[6284]: pam_unix(cron:session): session closed for user tefat
- Apr 29 10:09:01 NGC1977 CRON[7654]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 10:09:01 NGC1977 CRON[7654]: pam_unix(cron:session): session closed for user root
- Apr 29 10:17:01 NGC1977 CRON[8973]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 10:17:01 NGC1977 CRON[8973]: pam_unix(cron:session): session closed for user root
- Apr 29 10:39:01 NGC1977 CRON[12226]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 10:39:01 NGC1977 CRON[12226]: pam_unix(cron:session): session closed for user root
- Apr 29 11:00:01 NGC1977 CRON[15484]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 11:00:01 NGC1977 CRON[15485]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 11:00:01 NGC1977 CRON[15483]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 11:00:01 NGC1977 CRON[15483]: pam_unix(cron:session): session closed for user tefat
- Apr 29 11:00:01 NGC1977 CRON[15484]: pam_unix(cron:session): session closed for user tefat
- Apr 29 11:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 11:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 11:00:01 NGC1977 CRON[15485]: pam_unix(cron:session): session closed for user tefat
- Apr 29 11:09:01 NGC1977 CRON[16883]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 11:09:01 NGC1977 CRON[16883]: pam_unix(cron:session): session closed for user root
- Apr 29 11:17:01 NGC1977 CRON[18082]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 11:17:01 NGC1977 CRON[18082]: pam_unix(cron:session): session closed for user root
- Apr 29 11:39:01 NGC1977 CRON[21336]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 11:39:01 NGC1977 CRON[21336]: pam_unix(cron:session): session closed for user root
- Apr 29 12:00:01 NGC1977 CRON[24432]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 12:00:01 NGC1977 CRON[24431]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 12:00:01 NGC1977 CRON[24433]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 12:00:01 NGC1977 CRON[24432]: pam_unix(cron:session): session closed for user tefat
- Apr 29 12:00:01 NGC1977 CRON[24431]: pam_unix(cron:session): session closed for user tefat
- Apr 29 12:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 12:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 12:00:01 NGC1977 CRON[24433]: pam_unix(cron:session): session closed for user tefat
- Apr 29 12:09:01 NGC1977 CRON[25962]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 12:09:01 NGC1977 CRON[25962]: pam_unix(cron:session): session closed for user root
- Apr 29 12:17:01 NGC1977 CRON[27176]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 12:17:01 NGC1977 CRON[27176]: pam_unix(cron:session): session closed for user root
- Apr 29 12:39:01 NGC1977 CRON[30397]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 12:39:01 NGC1977 CRON[30397]: pam_unix(cron:session): session closed for user root
- Apr 29 13:00:01 NGC1977 CRON[33474]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 13:00:01 NGC1977 CRON[33476]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 13:00:01 NGC1977 CRON[33475]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 13:00:01 NGC1977 CRON[33475]: pam_unix(cron:session): session closed for user tefat
- Apr 29 13:00:01 NGC1977 CRON[33474]: pam_unix(cron:session): session closed for user tefat
- Apr 29 13:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 13:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 13:00:01 NGC1977 CRON[33476]: pam_unix(cron:session): session closed for user tefat
- Apr 29 13:09:01 NGC1977 CRON[34799]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 13:09:01 NGC1977 CRON[34799]: pam_unix(cron:session): session closed for user root
- Apr 29 13:17:01 NGC1977 CRON[36204]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 13:17:01 NGC1977 CRON[36204]: pam_unix(cron:session): session closed for user root
- Apr 29 13:39:01 NGC1977 CRON[39455]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 13:39:01 NGC1977 CRON[39455]: pam_unix(cron:session): session closed for user root
- Apr 29 14:00:01 NGC1977 CRON[42551]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 14:00:01 NGC1977 CRON[42553]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 14:00:01 NGC1977 CRON[42552]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 14:00:01 NGC1977 CRON[42551]: pam_unix(cron:session): session closed for user tefat
- Apr 29 14:00:01 NGC1977 CRON[42552]: pam_unix(cron:session): session closed for user tefat
- Apr 29 14:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 14:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 14:00:01 NGC1977 CRON[42553]: pam_unix(cron:session): session closed for user tefat
- Apr 29 14:09:01 NGC1977 CRON[43878]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 14:09:01 NGC1977 CRON[43878]: pam_unix(cron:session): session closed for user root
- Apr 29 14:17:01 NGC1977 CRON[45284]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 14:17:01 NGC1977 CRON[45284]: pam_unix(cron:session): session closed for user root
- Apr 29 14:39:01 NGC1977 CRON[48514]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 14:39:01 NGC1977 CRON[48514]: pam_unix(cron:session): session closed for user root
- Apr 29 14:47:26 NGC1977 sshd[49746]: Accepted publickey for tefat from 192.168.5.11 port 49756 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 14:47:26 NGC1977 sshd[49746]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 14:47:26 NGC1977 systemd-logind[738]: New session 86 of user tefat.
- Apr 29 14:47:26 NGC1977 sshd[49746]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 14:47:26 NGC1977 systemd-logind[738]: Removed session 86.
- Apr 29 14:52:33 NGC1977 perl[50518]: pam_unix(webmin:session): session opened for user root by (uid=0)
- Apr 29 14:52:33 NGC1977 systemd-logind[738]: New session c2 of user root.
- Apr 29 14:52:33 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
- Apr 29 14:52:33 NGC1977 webmin[50518]: Successful login as root from 192.168.5.11
- Apr 29 14:52:33 NGC1977 systemd-logind[738]: Removed session c2.
- Apr 29 14:52:33 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user root
- Apr 29 14:56:36 NGC1977 login[4651]: pam_unix(login:session): session opened for user tefat by LOGIN(uid=0)
- Apr 29 14:56:36 NGC1977 systemd-logind[738]: New session 88 of user tefat.
- Apr 29 14:56:48 NGC1977 sudo: pam_unix(sudo:auth): authentication failure; logname=tefat uid=1000 euid=0 tty=/dev/tty1 ruser=tefat rhost= user=tefat
- Apr 29 14:56:55 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
- Apr 29 14:56:55 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 14:56:55 NGC1977 sshd[17519]: Received signal 15; terminating.
- Apr 29 14:56:55 NGC1977 sshd[57014]: Server listening on 0.0.0.0 port 666.
- Apr 29 14:56:55 NGC1977 sshd[57014]: Server listening on :: port 666.
- Apr 29 14:56:55 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 14:57:00 NGC1977 sshd[57135]: Accepted publickey for tefat from 192.168.5.11 port 50766 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 14:57:00 NGC1977 sshd[57135]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 14:57:00 NGC1977 systemd-logind[738]: New session 89 of user tefat.
- Apr 29 14:57:00 NGC1977 sshd[57135]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 14:57:00 NGC1977 systemd-logind[738]: Removed session 89.
- Apr 29 14:57:08 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
- Apr 29 14:57:08 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 14:57:19 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 14:57:29 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl stop sshd.service
- Apr 29 14:57:29 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 14:57:29 NGC1977 sshd[57014]: Received signal 15; terminating.
- Apr 29 14:57:29 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 14:57:39 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl start sshd.service
- Apr 29 14:57:39 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 14:57:39 NGC1977 sshd[58023]: Server listening on 0.0.0.0 port 666.
- Apr 29 14:57:39 NGC1977 sshd[58023]: Server listening on :: port 666.
- Apr 29 14:57:39 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 14:57:44 NGC1977 sshd[58091]: Accepted publickey for tefat from 192.168.5.11 port 50854 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 14:57:44 NGC1977 sshd[58091]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 14:57:44 NGC1977 systemd-logind[738]: New session 90 of user tefat.
- Apr 29 15:00:01 NGC1977 CRON[61320]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 15:00:01 NGC1977 CRON[61319]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 15:00:01 NGC1977 CRON[61321]: pam_unix(cron:session): session opened for user tefat by (uid=0)
- Apr 29 15:00:01 NGC1977 CRON[61320]: pam_unix(cron:session): session closed for user tefat
- Apr 29 15:00:01 NGC1977 CRON[61319]: pam_unix(cron:session): session closed for user tefat
- Apr 29 15:00:01 NGC1977 sudo: pam_unix(sudo:auth): conversation failed
- Apr 29 15:00:01 NGC1977 sudo: pam_unix(sudo:auth): auth could not identify password for [tefat]
- Apr 29 15:00:01 NGC1977 CRON[61321]: pam_unix(cron:session): session closed for user tefat
- Apr 29 15:02:45 NGC1977 sshd[64967]: Accepted publickey for tefat from 192.168.5.11 port 51750 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:02:45 NGC1977 sshd[64967]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 15:02:45 NGC1977 systemd-logind[738]: New session 94 of user tefat.
- Apr 29 15:09:01 NGC1977 CRON[8689]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 15:09:01 NGC1977 CRON[8689]: pam_unix(cron:session): session closed for user root
- Apr 29 15:15:01 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
- Apr 29 15:15:01 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:15:33 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:15:39 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
- Apr 29 15:15:39 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:15:39 NGC1977 sshd[58023]: Received signal 15; terminating.
- Apr 29 15:15:39 NGC1977 sshd[17874]: Server listening on 0.0.0.0 port 666.
- Apr 29 15:15:39 NGC1977 sshd[17874]: Server listening on :: port 666.
- Apr 29 15:15:39 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:16:42 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
- Apr 29 15:16:42 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:16:50 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:16:52 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
- Apr 29 15:16:52 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:16:52 NGC1977 sshd[17874]: Received signal 15; terminating.
- Apr 29 15:16:52 NGC1977 sshd[19512]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
- Apr 29 15:16:52 NGC1977 sshd[19512]: debug1: Bind to port 666 on 0.0.0.0.
- Apr 29 15:16:52 NGC1977 sshd[19512]: Server listening on 0.0.0.0 port 666.
- Apr 29 15:16:52 NGC1977 sshd[19512]: debug1: Bind to port 666 on ::.
- Apr 29 15:16:52 NGC1977 sshd[19512]: Server listening on :: port 666.
- Apr 29 15:16:52 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:16:53 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
- Apr 29 15:16:53 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:17:01 NGC1977 CRON[19723]: pam_unix(cron:session): session opened for user root by (uid=0)
- Apr 29 15:17:01 NGC1977 CRON[19723]: pam_unix(cron:session): session closed for user root
- Apr 29 15:17:02 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:17:04 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
- Apr 29 15:17:04 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:17:04 NGC1977 sshd[19512]: Received signal 15; terminating.
- Apr 29 15:17:04 NGC1977 sshd[19796]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
- Apr 29 15:17:04 NGC1977 sshd[19796]: debug1: Bind to port 666 on 0.0.0.0.
- Apr 29 15:17:04 NGC1977 sshd[19796]: Server listening on 0.0.0.0 port 666.
- Apr 29 15:17:04 NGC1977 sshd[19796]: debug1: Bind to port 666 on ::.
- Apr 29 15:17:04 NGC1977 sshd[19796]: Server listening on :: port 666.
- Apr 29 15:17:04 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:17:29 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat syslog
- Apr 29 15:17:29 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:17:39 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:17:48 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat lastlog
- Apr 29 15:17:48 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:17:49 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:18:28 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/nano auth.log
- Apr 29 15:18:28 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:18:52 NGC1977 sshd[19796]: debug1: Forked child 22377.
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:18:52 NGC1977 sshd[22377]: Connection from 192.168.5.11 port 54651 on 192.168.5.2 port 666
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: no match: FileZilla_3.41.2
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: KEX done [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: userauth-request for user gjest service ssh-connection method none [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: user gjest matched group list jail at line 126
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: initializing for "gjest"
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: userauth-request for user gjest service ssh-connection method password [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: password authentication accepted for gjest
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: do_pam_account: called
- Apr 29 15:18:52 NGC1977 sshd[22377]: Accepted password for gjest from 192.168.5.11 port 54651 ssh2
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: monitor_child_preauth: gjest has been authenticated by privileged process
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:18:52 NGC1977 sshd[22377]: debug1: PAM: establishing credentials
- Apr 29 15:18:52 NGC1977 sshd[22377]: pam_unix(sshd:session): session opened for user gjest by (uid=0)
- Apr 29 15:18:52 NGC1977 systemd-logind[738]: New session 97 of user gjest.
- Apr 29 15:18:52 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user gjest by (uid=0)
- Apr 29 15:18:52 NGC1977 sshd[22377]: User child is on pid 22391
- Apr 29 15:18:52 NGC1977 sshd[22391]: debug1: SELinux support disabled
- Apr 29 15:18:52 NGC1977 sshd[22391]: debug1: PAM: establishing credentials
- Apr 29 15:22:05 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:22:06 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/nano auth.log
- Apr 29 15:22:06 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:22:48 NGC1977 sshd[22377]: debug1: PAM: cleanup
- Apr 29 15:22:48 NGC1977 sshd[22377]: debug1: PAM: closing session
- Apr 29 15:22:48 NGC1977 sshd[22377]: pam_unix(sshd:session): session closed for user gjest
- Apr 29 15:22:48 NGC1977 sshd[22377]: debug1: PAM: deleting credentials
- Apr 29 15:22:48 NGC1977 systemd-logind[738]: Removed session 97.
- Apr 29 15:22:48 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user gjest
- Apr 29 15:22:50 NGC1977 sshd[19796]: debug1: Forked child 27869.
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:22:50 NGC1977 sshd[27869]: Connection from 192.168.5.11 port 55456 on 192.168.5.2 port 666
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: no match: FileZilla_3.41.2
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: KEX done [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: userauth-request for user gjest service ssh-connection method none [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: user gjest matched group list jail at line 126
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: initializing for "gjest"
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: userauth-request for user gjest service ssh-connection method password [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: password authentication accepted for gjest
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: do_pam_account: called
- Apr 29 15:22:50 NGC1977 sshd[27869]: Accepted password for gjest from 192.168.5.11 port 55456 ssh2
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: monitor_child_preauth: gjest has been authenticated by privileged process
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:22:50 NGC1977 sshd[27869]: debug1: PAM: establishing credentials
- Apr 29 15:22:50 NGC1977 sshd[27869]: pam_unix(sshd:session): session opened for user gjest by (uid=0)
- Apr 29 15:22:50 NGC1977 systemd-logind[738]: New session 99 of user gjest.
- Apr 29 15:22:50 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user gjest by (uid=0)
- Apr 29 15:22:51 NGC1977 sshd[27869]: User child is on pid 27880
- Apr 29 15:22:51 NGC1977 sshd[27880]: debug1: SELinux support disabled
- Apr 29 15:22:51 NGC1977 sshd[27880]: debug1: PAM: establishing credentials
- Apr 29 15:22:54 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:22:56 NGC1977 sshd[58091]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 15:22:56 NGC1977 systemd-logind[738]: Removed session 90.
- Apr 29 15:23:01 NGC1977 sshd[64967]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 15:23:01 NGC1977 systemd-logind[738]: Removed session 94.
- Apr 29 15:23:16 NGC1977 sshd[19796]: debug1: Forked child 28623.
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:23:16 NGC1977 sshd[28623]: Connection from 192.168.5.11 port 55527 on 192.168.5.2 port 666
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: no match: PuTTY_Release_0.70
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:23:16 NGC1977 sshd[28623]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: KEX done [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: user tefat matched group list jail at line 126
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: initializing for "tefat"
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: fd 4 clearing O_NONBLOCK
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: restore_uid: 0/0
- Apr 29 15:23:17 NGC1977 sshd[28623]: Postponed publickey for tefat from 192.168.5.11 port 55527 ssh2 [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: attempt 2 failures 0 [preauth]
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: fd 4 clearing O_NONBLOCK
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: restore_uid: 0/0
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: do_pam_account: called
- Apr 29 15:23:17 NGC1977 sshd[28623]: Accepted publickey for tefat from 192.168.5.11 port 55527 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
- Apr 29 15:23:17 NGC1977 systemd-logind[738]: New session 101 of user tefat.
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: establishing credentials
- Apr 29 15:23:17 NGC1977 sshd[28623]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 15:23:17 NGC1977 sshd[28623]: User child is on pid 28631
- Apr 29 15:23:17 NGC1977 sshd[28631]: debug1: SELinux support disabled
- Apr 29 15:23:17 NGC1977 sshd[28631]: debug1: PAM: establishing credentials
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: session_new: session 0
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: SELinux support disabled
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: session_by_tty: session 0 tty /dev/pts/0
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: session_pty_cleanup: session 0 release /dev/pts/0
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: cleanup
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: closing session
- Apr 29 15:23:17 NGC1977 sshd[28623]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 15:23:17 NGC1977 sshd[28623]: debug1: PAM: deleting credentials
- Apr 29 15:23:17 NGC1977 systemd-logind[738]: Removed session 101.
- Apr 29 15:23:30 NGC1977 sshd[27869]: debug1: PAM: cleanup
- Apr 29 15:23:30 NGC1977 sshd[27869]: debug1: PAM: closing session
- Apr 29 15:23:30 NGC1977 sshd[27869]: pam_unix(sshd:session): session closed for user gjest
- Apr 29 15:23:30 NGC1977 sshd[27869]: debug1: PAM: deleting credentials
- Apr 29 15:23:30 NGC1977 systemd-logind[738]: Removed session 99.
- Apr 29 15:23:30 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user gjest
- Apr 29 15:23:33 NGC1977 sshd[19796]: debug1: Forked child 29020.
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:23:33 NGC1977 sshd[29020]: Connection from 192.168.5.11 port 55543 on 192.168.5.2 port 666
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: no match: FileZilla_3.41.2
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:23:33 NGC1977 sshd[29020]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: KEX done [preauth]
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: userauth-request for user gjest service ssh-connection method none [preauth]
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: user gjest matched group list jail at line 126
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: initializing for "gjest"
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: userauth-request for user gjest service ssh-connection method password [preauth]
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: password authentication accepted for gjest
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: do_pam_account: called
- Apr 29 15:23:34 NGC1977 sshd[29020]: Accepted password for gjest from 192.168.5.11 port 55543 ssh2
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: monitor_child_preauth: gjest has been authenticated by privileged process
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:23:34 NGC1977 sshd[29020]: debug1: PAM: establishing credentials
- Apr 29 15:23:34 NGC1977 sshd[29020]: pam_unix(sshd:session): session opened for user gjest by (uid=0)
- Apr 29 15:23:34 NGC1977 systemd-logind[738]: New session 102 of user gjest.
- Apr 29 15:23:34 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user gjest by (uid=0)
- Apr 29 15:23:34 NGC1977 sshd[29020]: User child is on pid 29041
- Apr 29 15:23:34 NGC1977 sshd[29041]: debug1: SELinux support disabled
- Apr 29 15:23:34 NGC1977 sshd[29041]: debug1: PAM: establishing credentials
- Apr 29 15:23:53 NGC1977 sshd[29020]: debug1: PAM: cleanup
- Apr 29 15:23:53 NGC1977 sshd[29020]: debug1: PAM: closing session
- Apr 29 15:23:53 NGC1977 sshd[29020]: pam_unix(sshd:session): session closed for user gjest
- Apr 29 15:23:53 NGC1977 sshd[29020]: debug1: PAM: deleting credentials
- Apr 29 15:23:53 NGC1977 systemd-logind[738]: Removed session 102.
- Apr 29 15:23:53 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user gjest
- Apr 29 15:24:14 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /var/log/auth.log
- Apr 29 15:24:14 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:25:13 NGC1977 sshd[19796]: debug1: Forked child 31227.
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:25:13 NGC1977 sshd[31227]: Connection from 192.168.5.11 port 55850 on 192.168.5.2 port 666
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: no match: FileZilla_3.41.2
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: KEX done [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: user tefat matched group list jail at line 126
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: PAM: initializing for "tefat"
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: userauth-request for user tefat service ssh-connection method password [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:25:13 NGC1977 sshd[31227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.5.11 user=tefat
- Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: PAM: password authentication failed for tefat: Authentication failure
- Apr 29 15:25:15 NGC1977 sshd[31227]: Failed password for tefat from 192.168.5.11 port 55850 ssh2
- Apr 29 15:25:15 NGC1977 sshd[31227]: error: Received disconnect from 192.168.5.11 port 55850:13: Unable to authenticate [preauth]
- Apr 29 15:25:15 NGC1977 sshd[31227]: Disconnected from 192.168.5.11 port 55850 [preauth]
- Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: do_cleanup [preauth]
- Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: do_cleanup
- Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: PAM: cleanup
- Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: Killing privsep child 31228
- Apr 29 15:25:15 NGC1977 sshd[31227]: debug1: audit_event: unhandled event 12
- Apr 29 15:25:30 NGC1977 sshd[19796]: debug1: Forked child 31683.
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:25:30 NGC1977 sshd[31683]: Connection from 192.168.5.11 port 55908 on 192.168.5.2 port 666
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: Client protocol version 2.0; client software version FileZilla_3.41.2
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: no match: FileZilla_3.41.2
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: KEX done [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: user tefat matched group list jail at line 126
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: initializing for "tefat"
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: userauth-request for user tefat service ssh-connection method password [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: password authentication accepted for tefat
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: do_pam_account: called
- Apr 29 15:25:30 NGC1977 sshd[31683]: Accepted password for tefat from 192.168.5.11 port 55908 ssh2
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:25:30 NGC1977 sshd[31683]: debug1: PAM: establishing credentials
- Apr 29 15:25:30 NGC1977 sshd[31683]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 15:25:30 NGC1977 systemd-logind[738]: New session 104 of user tefat.
- Apr 29 15:25:30 NGC1977 sshd[31683]: User child is on pid 31690
- Apr 29 15:25:30 NGC1977 sshd[31690]: debug1: SELinux support disabled
- Apr 29 15:25:30 NGC1977 sshd[31690]: debug1: PAM: establishing credentials
- Apr 29 15:25:45 NGC1977 sshd[19796]: debug1: Forked child 32017.
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:25:45 NGC1977 sshd[32017]: Connection from 192.168.5.11 port 55967 on 192.168.5.2 port 666
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: no match: PuTTY_Release_0.70
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:25:45 NGC1977 sshd[32017]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: KEX done [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: user tefat matched group list jail at line 126
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: initializing for "tefat"
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: fd 4 clearing O_NONBLOCK
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: restore_uid: 0/0
- Apr 29 15:25:46 NGC1977 sshd[32017]: Postponed publickey for tefat from 192.168.5.11 port 55967 ssh2 [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: attempt 2 failures 0 [preauth]
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: fd 4 clearing O_NONBLOCK
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: restore_uid: 0/0
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: do_pam_account: called
- Apr 29 15:25:46 NGC1977 sshd[32017]: Accepted publickey for tefat from 192.168.5.11 port 55967 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: establishing credentials
- Apr 29 15:25:46 NGC1977 sshd[32017]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 15:25:46 NGC1977 systemd-logind[738]: New session 105 of user tefat.
- Apr 29 15:25:46 NGC1977 sshd[32017]: User child is on pid 32028
- Apr 29 15:25:46 NGC1977 sshd[32028]: debug1: SELinux support disabled
- Apr 29 15:25:46 NGC1977 sshd[32028]: debug1: PAM: establishing credentials
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: session_new: session 0
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: SELinux support disabled
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: session_by_tty: session 0 tty /dev/pts/0
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: session_pty_cleanup: session 0 release /dev/pts/0
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: cleanup
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: closing session
- Apr 29 15:25:46 NGC1977 sshd[32017]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 15:25:46 NGC1977 sshd[32017]: debug1: PAM: deleting credentials
- Apr 29 15:25:46 NGC1977 systemd-logind[738]: Removed session 105.
- Apr 29 15:26:38 NGC1977 sshd[19796]: debug1: Forked child 33263.
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:26:38 NGC1977 sshd[33263]: Connection from 192.168.5.11 port 56101 on 192.168.5.2 port 666
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: no match: PuTTY_Release_0.70
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: KEX done [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: userauth-request for user gjest service ssh-connection method none [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: user gjest matched group list jail at line 126
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: PAM: initializing for "gjest"
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: userauth-request for user gjest service ssh-connection method publickey [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: temporarily_use_uid: 1001/1002 (e=0/0)
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: trying public key file /home/jail//.ssh/authorized_keys
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Could not open authorized keys '/home/jail//.ssh/authorized_keys': No such file or directory
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: restore_uid: 0/0
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: temporarily_use_uid: 1001/1002 (e=0/0)
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: trying public key file /home/jail//.ssh/authorized_keys2
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: Could not open authorized keys '/home/jail//.ssh/authorized_keys2': No such file or directory
- Apr 29 15:26:38 NGC1977 sshd[33263]: debug1: restore_uid: 0/0
- Apr 29 15:26:38 NGC1977 sshd[33263]: Failed publickey for gjest from 192.168.5.11 port 56101 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: userauth-request for user gjest service ssh-connection method password [preauth]
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: attempt 2 failures 1 [preauth]
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: password authentication accepted for gjest
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: do_pam_account: called
- Apr 29 15:26:51 NGC1977 sshd[33263]: Accepted password for gjest from 192.168.5.11 port 56101 ssh2
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: monitor_child_preauth: gjest has been authenticated by privileged process
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: establishing credentials
- Apr 29 15:26:51 NGC1977 sshd[33263]: pam_unix(sshd:session): session opened for user gjest by (uid=0)
- Apr 29 15:26:51 NGC1977 systemd-logind[738]: New session 106 of user gjest.
- Apr 29 15:26:51 NGC1977 systemd: pam_unix(systemd-user:session): session opened for user gjest by (uid=0)
- Apr 29 15:26:51 NGC1977 sshd[33263]: User child is on pid 33475
- Apr 29 15:26:51 NGC1977 sshd[33475]: debug1: SELinux support disabled
- Apr 29 15:26:51 NGC1977 sshd[33475]: debug1: PAM: establishing credentials
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: session_new: session 0
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: SELinux support disabled
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: session_by_tty: session 0 tty /dev/pts/0
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: session_pty_cleanup: session 0 release /dev/pts/0
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: cleanup
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: closing session
- Apr 29 15:26:51 NGC1977 sshd[33263]: pam_unix(sshd:session): session closed for user gjest
- Apr 29 15:26:51 NGC1977 sshd[33263]: debug1: PAM: deleting credentials
- Apr 29 15:26:51 NGC1977 systemd-logind[738]: Removed session 106.
- Apr 29 15:26:51 NGC1977 systemd: pam_unix(systemd-user:session): session closed for user gjest
- Apr 29 15:28:16 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:28:22 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
- Apr 29 15:28:22 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:28:22 NGC1977 sshd[19796]: Received signal 15; terminating.
- Apr 29 15:28:22 NGC1977 sshd[35628]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
- Apr 29 15:28:22 NGC1977 sshd[35628]: debug1: Bind to port 666 on 0.0.0.0.
- Apr 29 15:28:22 NGC1977 sshd[35628]: Server listening on 0.0.0.0 port 666.
- Apr 29 15:28:22 NGC1977 sshd[35628]: debug1: Bind to port 666 on ::.
- Apr 29 15:28:22 NGC1977 sshd[35628]: Server listening on :: port 666.
- Apr 29 15:28:22 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:28:26 NGC1977 sshd[35628]: debug1: Forked child 35696.
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:28:26 NGC1977 sshd[35696]: Connection from 192.168.5.11 port 56459 on 192.168.5.2 port 666
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: no match: PuTTY_Release_0.70
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:28:26 NGC1977 sshd[35696]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: KEX done [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: user tefat matched group list jail at line 126
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: initializing for "tefat"
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: fd 4 clearing O_NONBLOCK
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: restore_uid: 0/0
- Apr 29 15:28:27 NGC1977 sshd[35696]: Postponed publickey for tefat from 192.168.5.11 port 56459 ssh2 [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: attempt 2 failures 0 [preauth]
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: fd 4 clearing O_NONBLOCK
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: restore_uid: 0/0
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: do_pam_account: called
- Apr 29 15:28:27 NGC1977 sshd[35696]: Accepted publickey for tefat from 192.168.5.11 port 56459 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: establishing credentials
- Apr 29 15:28:27 NGC1977 sshd[35696]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 15:28:27 NGC1977 systemd-logind[738]: New session 108 of user tefat.
- Apr 29 15:28:27 NGC1977 sshd[35696]: User child is on pid 35704
- Apr 29 15:28:27 NGC1977 sshd[35704]: debug1: SELinux support disabled
- Apr 29 15:28:27 NGC1977 sshd[35704]: debug1: PAM: establishing credentials
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: session_new: session 0
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: SELinux support disabled
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: session_by_tty: session 0 tty /dev/pts/0
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: session_pty_cleanup: session 0 release /dev/pts/0
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: cleanup
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: closing session
- Apr 29 15:28:27 NGC1977 sshd[35696]: pam_unix(sshd:session): session closed for user tefat
- Apr 29 15:28:27 NGC1977 sshd[35696]: debug1: PAM: deleting credentials
- Apr 29 15:28:27 NGC1977 systemd-logind[738]: Removed session 108.
- Apr 29 15:28:47 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
- Apr 29 15:28:47 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:28:58 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:29:00 NGC1977 sudo: tefat : TTY=tty1 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/systemctl restart sshd.service
- Apr 29 15:29:00 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:29:00 NGC1977 sshd[35628]: Received signal 15; terminating.
- Apr 29 15:29:00 NGC1977 sshd[36442]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
- Apr 29 15:29:00 NGC1977 sshd[36442]: debug1: Bind to port 666 on 0.0.0.0.
- Apr 29 15:29:00 NGC1977 sshd[36442]: Server listening on 0.0.0.0 port 666.
- Apr 29 15:29:00 NGC1977 sshd[36442]: debug1: Bind to port 666 on ::.
- Apr 29 15:29:00 NGC1977 sshd[36442]: Server listening on :: port 666.
- Apr 29 15:29:00 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:29:04 NGC1977 sshd[36442]: debug1: Forked child 36514.
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: Set /proc/self/oom_score_adj to 0
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: inetd sockets after dupping: 3, 3
- Apr 29 15:29:04 NGC1977 sshd[36514]: Connection from 192.168.5.11 port 56541 on 192.168.5.2 port 666
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.70
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: no match: PuTTY_Release_0.70
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: Enabling compatibility mode for protocol 2.0
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: permanently_set_uid: 106/65534 [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: SSH2_MSG_KEXINIT sent [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: SSH2_MSG_KEXINIT received [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
- Apr 29 15:29:04 NGC1977 sshd[36514]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: SSH2_MSG_NEWKEYS received [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: rekey after 4294967296 blocks [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: KEX done [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: userauth-request for user tefat service ssh-connection method none [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: attempt 0 failures 0 [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: PAM: initializing for "tefat"
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: PAM: setting PAM_RHOST to "192.168.5.11"
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: PAM: setting PAM_TTY to "ssh"
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: attempt 1 failures 0 [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: fd 4 clearing O_NONBLOCK
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: restore_uid: 0/0
- Apr 29 15:29:05 NGC1977 sshd[36514]: Postponed publickey for tefat from 192.168.5.11 port 56541 ssh2 [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: userauth-request for user tefat service ssh-connection method publickey [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: attempt 2 failures 0 [preauth]
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: trying public key file /home/tefat/.ssh/authorized_keys
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: fd 4 clearing O_NONBLOCK
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: matching key found: file /home/tefat/.ssh/authorized_keys, line 1 RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: restore_uid: 0/0
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: do_pam_account: called
- Apr 29 15:29:05 NGC1977 sshd[36514]: Accepted publickey for tefat from 192.168.5.11 port 56541 ssh2: RSA SHA256:Ch1KGOEBjT+mhuG8mLyTJa5nvHt7lc0I9eHIUS00l8I
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: monitor_child_preauth: tefat has been authenticated by privileged process
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: monitor_read_log: child log fd closed
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: PAM: establishing credentials
- Apr 29 15:29:05 NGC1977 sshd[36514]: pam_unix(sshd:session): session opened for user tefat by (uid=0)
- Apr 29 15:29:05 NGC1977 systemd-logind[738]: New session 109 of user tefat.
- Apr 29 15:29:05 NGC1977 sshd[36514]: User child is on pid 36522
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: SELinux support disabled
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: PAM: establishing credentials
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: permanently_set_uid: 1000/1000
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: rekey after 4294967296 blocks
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: rekey after 4294967296 blocks
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: ssh_packet_set_postauth: called
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: Entering interactive session for SSH2.
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_init_dispatch
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: input_session_request
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: channel 0: new [server-session]
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_new: session 0
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_open: channel 0
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_open: session 0: link with channel 0
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_input_channel_open: confirm session
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req pty-req
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: Allocating pty.
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: session_new: session 0
- Apr 29 15:29:05 NGC1977 sshd[36514]: debug1: SELinux support disabled
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_pty_req: session 0 alloc /dev/pts/0
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request shell reply 1
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:29:05 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req shell
- Apr 29 15:29:05 NGC1977 sshd[36522]: Starting session: shell on pts/0 for tefat from 192.168.5.11 port 56541 id 0
- Apr 29 15:29:05 NGC1977 sshd[36523]: debug1: Setting controlling tty using TIOCSCTTY.
- Apr 29 15:29:13 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request window-change reply 0
- Apr 29 15:29:13 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:29:13 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req window-change
- Apr 29 15:29:53 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/nano /var/log/auth.log
- Apr 29 15:29:53 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
- Apr 29 15:29:56 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:29:56 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:29:56 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:29:57 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:29:57 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:29:57 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:29:58 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:29:58 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:29:58 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:10 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:30:10 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:30:10 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:36 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:30:36 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:30:36 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:30:37 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:38 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:30:38 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:30:38 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:30:39 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:40 NGC1977 sshd[36522]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
- Apr 29 15:30:40 NGC1977 sshd[36522]: debug1: session_by_channel: session 0 channel 0
- Apr 29 15:30:40 NGC1977 sshd[36522]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
- Apr 29 15:30:41 NGC1977 sudo: pam_unix(sudo:session): session closed for user root
- Apr 29 15:30:56 NGC1977 sudo: tefat : TTY=pts/0 ; PWD=/home/tefat ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /home/tefat/tmp/
- Apr 29 15:30:56 NGC1977 sudo: pam_unix(sudo:session): session opened for user root by tefat(uid=0)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement