I have a server where I believe I have disabled root login via ssh. I think it is done correctly, as I cannot login with root myself via ssh, but I would’ve thought that it would be reflected in /var/log/auth.log
. Instead, it shows up as failed password entry. Is this intended?
What I’ve done is to uncomment the PermitRootLogin no
line in /etc/ssh/sshd_config
. Rest of the config file is left at default.
Bonus question: All login attempts by ssh seems to go over some random port (even my own successful logins). Why is this?
Ah, I see, so the port numbers shown in
auth.log
are all client side ports. I guess I thought that the listening port would be in the log and assumed that the port listed there would be it, but when I read the lines again, it clearly says “from ip.ad.dr.ess port 12345”