I have a server where I believe I have disabled root login via ssh. I think it is done correctly, as I cannot login with root myself via ssh, but I would’ve thought that it would be reflected in /var/log/auth.log. Instead, it shows up as failed password entry. Is this intended?

What I’ve done is to uncomment the PermitRootLogin no line in /etc/ssh/sshd_config. Rest of the config file is left at default.

Bonus question: All login attempts by ssh seems to go over some random port (even my own successful logins). Why is this?

  • ipsirc@lemmy.mlEnglish
    71·
    8 months ago

    Ssh listens on port 22, as soon as a connection is made the host moves the connection to another port to free up 22 for other new connections.

    Makes sense

    No, it’s nonsense. Nothing like that happens.