-1

I failed to login to my root account over ssh, and when doing so I noticed this interesting line in auth.log:

"Failed password for root from [ip address] port 35128 ssh2"

I'm not so interested in the actual failure to access root (I found a solution to this), I'm more interested in why this is going to/coming from port 35128 since ufw is set to deny incoming traffic on ports that aren't 80 and 22 by default.

I'm very new to working with servers, so I'm interested to see what this is.

James Li
  • 3
  • 2

1 Answers1

3

It's the ephemeral client port. This port is always randomly chosen.

This is not specific to SSH, it's a TCP mechanism and happens with every protocol.

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79