I'm running a basic Ubuntu server from Digital Ocean, which I use an SSH key (stored on my Desktop) to access.
I've just run netstat -ap
with the following result:
Local Address    Foreign Address         State         PID
XX.XXX.XX.192    183.214.141.105:53929   ESTABLISHED   25193/sshd: root [p
This isn't me; I've searched the IP and it's under a number of banned lists and originates from China.
My Questions:
1) As the state is 'ESTABLISHED', does that mean they have access to my server via SSH? Or is this brute force attempts to gain entry?
2) How could my server have been compromised? I'm not aware brute force can work on SSH keys? Wouldn't they have to access my key on my Desktop?