2017-07-13
Interesting log item
Haven't seen this before:Jul 13 09:29:45 greenblatt sshd[24232]: Invalid user from 193.105.134.187 Jul 13 09:29:45 greenblatt sshd[24232]: input_userauth_request: invalid user [preauth] Jul 13 09:29:59 greenblatt sshd[24232]: Disconnecting: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]I have seen user '' (empty) before, but a change of username is new to me. Searching finds very little information, only one mention: Which ssh exploit works by changing the user name in the middle of the process? - Information Security stack exchange where the assumption was that this was some kind of attack.