SoonerLater
Explorer
- Joined
- Mar 7, 2013
- Messages
- 80
My system (12.0-U8.1) is configured to send an email once a day with alerts. One of the included alerts (System \ Alerts) is for "Yesterday's SSH Login Failures." However, the email doesn't include all of the login failures. Where can I see all of the SSH login failures?
Clearly there are rogues trying to gain access to my system, which is why I've enabled 2FA for web admin and SSH access. Nevertheless, I would like to read the alerts in full.
Also... aside from enabling 2FA, is there anything else that I should do to protect my system in general? Is there a "security best practices" article for TrueNAS out there somewhere?
TrueNAS @ charlotte.local
New alerts:
* 69 SSH login failures:
Dec 3 18:39:58 charlotte 1 2022-12-03T18:39:58.213547-06:00 charlotte.local sshd 8186 - - Invalid user telecomadmin from 152.89.196.123 port 50994
Dec 3 18:39:58 charlotte 1 2022-12-03T18:39:58.332494-06:00 charlotte.local sshd 8186 - - Failed password for invalid user telecomadmin from 152.89.196.123 port 50994 ssh2
... 65 more ...
Dec 3 22:26:33 charlotte 1 2022-12-03T22:26:33.905856-06:00 charlotte.local sshd 11360 - - Failed password for root from 152.89.196.220 port 31424 ssh2
Dec 3 23:04:44 charlotte 1 2022-12-03T23:04:44.339724-06:00 charlotte.local sshd 11823 - - Failed password for root from 152.89.196.220 port 52502 ssh2
Current alerts:
* 69 SSH login failures:
Dec 3 18:39:58 charlotte 1 2022-12-03T18:39:58.213547-06:00 charlotte.local sshd 8186 - - Invalid user telecomadmin from 152.89.196.123 port 50994
Dec 3 18:39:58 charlotte 1 2022-12-03T18:39:58.332494-06:00 charlotte.local sshd 8186 - - Failed password for invalid user telecomadmin from 152.89.196.123 port 50994 ssh2
... 65 more ...
Dec 3 22:26:33 charlotte 1 2022-12-03T22:26:33.905856-06:00 charlotte.local sshd 11360 - - Failed password for root from 152.89.196.220 port 31424 ssh2
Dec 3 23:04:44 charlotte 1 2022-12-03T23:04:44.339724-06:00 charlotte.local sshd 11823 - - Failed password for root from 152.89.196.220 port 52502 ssh2
Clearly there are rogues trying to gain access to my system, which is why I've enabled 2FA for web admin and SSH access. Nevertheless, I would like to read the alerts in full.
Also... aside from enabling 2FA, is there anything else that I should do to protect my system in general? Is there a "security best practices" article for TrueNAS out there somewhere?