21
3
I use a key (not password) to ssh into a server, but my IP address is frequently banned by the server.
After looking into the server auth.log, I found that someone (or some software) is trying every 10-20 minutes to ssh with the wrong password.
Jun 15 21:23:26 www sshd[31046]: Failed password for git from 218.81.128.80 port 37012 ssh2
Jun 15 21:23:26 www sshd[31046]: error: maximum authentication attempts exceeded for git from 218.81.128.80 port 37012 ssh2 [preauth]
Jun 15 21:23:26 www sshd[31046]: Disconnecting authenticating user git 218.81.128.80 port 37012: Too many authentication failures [preauth]
Jun 15 21:33:26 www sshd[31931]: Failed password for git from 218.81.128.80 port 37146 ssh2
Jun 15 21:33:26 www sshd[31931]: Failed password for git from 218.81.128.80 port 37146 ssh2
Jun 15 21:33:26 www sshd[31931]: error: maximum authentication attempts exceeded for git from 218.81.128.80 port 37146 ssh2 [preauth]
Jun 15 21:33:26 www sshd[31931]: Disconnecting authenticating user git 218.81.128.80 port 37146: Too many authentication failures [preauth]
Jun 15 21:53:26 www sshd[870]: Failed password for git from 101.81.237.208 port 37384 ssh2
Jun 15 21:53:26 www sshd[870]: Failed password for git from 101.81.237.208 port 37384 ssh2
Jun 15 21:53:26 www sshd[870]: error: maximum authentication attempts exceeded for git from 101.81.237.208 port 37384 ssh2 [preauth]
Jun 15 21:53:26 www sshd[870]: Disconnecting authenticating user git 101.81.237.208 port 37384: Too many authentication failures [preauth]
I'm using pycharm/phpstorm, etc., and created a Git server on my server.
I've checked the settings for these two software packages and have no idea what is happening. I even changed my computer, but it made no difference.
Based on IP, check whether it's yours or not. Use WHOIS services to find from where they are. If these IP addresses are public, then it's probably someone else, trying to clone some Git repositories from your server. – kenorb – 2019-06-15T14:12:47.563
1@kenorb it's my private IP. Just 10-20 minutes after i started to work, the annoying things happend. How about delete git user? – Charles Bao – 2019-06-15T14:16:57.387
If you use an SSH key instead of a password, there is absolutely no point banning IPs after failed logins. You're just making life harder for yourself. – Navin – 2019-06-17T04:30:05.047