我正在运行 Debian 8,我正在尝试解决服务器问题(随机无响应),其中一件事我正在查看,但不明白,当我运行 journalctl --no-full -f 时,每分钟有数百个这样的条目
Aug 05 20:36:12 server sshd[48741]: Received disconnect from 127.0.0.1: 11: disconnected by user
Aug 05 20:36:12 server sshd[48741]: pam_unix(sshd:session): session closed for user root
Aug 05 20:36:12 server sshd[48883]: Received disconnect from 127.0.0.1: 11: disconnected by user
Aug 05 20:36:12 server sshd[48883]: pam_unix(sshd:session): session closed for user root
Aug 05 20:36:13 server sshd[48738]: Received disconnect from 127.0.0.1: 11: disconnected by user
Aug 05 20:36:13 server sshd[48738]: pam_unix(sshd:session): session closed for user root
Aug 05 20:36:13 server sshd[47321]: Received disconnect from 127.0.0.1: 11: disconnected by user
他们只是不断地向下滚动屏幕。偶尔会出现一个Aug 05 20:40:04 server sshd[56623]: Accepted publickey for root from 127.0.0.1 port 45873 ssh2: RSA xx:xx:xx:xx:xx
,然后它就会回到上面的一连串条目。
我可以正确地假设这可能是某种攻击吗?或者可能是其他原因?我已经将默认端口从 22 更改为另一个端口。
不太确定该怎么理解它或者是否应该担心它。
有任何想法吗?
谢谢。