journalctl 中多次收到来自 127.0.0.1 的断开连接消息

journalctl 中多次收到来自 127.0.0.1 的断开连接消息

我正在运行 Debian 8,我正在尝试解决服务器问题(随机无响应),其中一件事我正在查看,但不明白,当我运行 journalctl --no-full -f 时,每分钟有数百个这样的条目

Aug 05 20:36:12 server sshd[48741]: Received disconnect from 127.0.0.1: 11: disconnected by user
Aug 05 20:36:12 server sshd[48741]: pam_unix(sshd:session): session closed for user root
Aug 05 20:36:12 server sshd[48883]: Received disconnect from 127.0.0.1: 11: disconnected by user
Aug 05 20:36:12 server sshd[48883]: pam_unix(sshd:session): session closed for user root
Aug 05 20:36:13 server sshd[48738]: Received disconnect from 127.0.0.1: 11: disconnected by user
Aug 05 20:36:13 server sshd[48738]: pam_unix(sshd:session): session closed for user root
Aug 05 20:36:13 server sshd[47321]: Received disconnect from 127.0.0.1: 11: disconnected by user

他们只是不断地向下滚动屏幕。偶尔会出现一个Aug 05 20:40:04 server sshd[56623]: Accepted publickey for root from 127.0.0.1 port 45873 ssh2: RSA xx:xx:xx:xx:xx,然后它就会回到上面的一连串条目。

我可以正确地假设这可能是某种攻击吗?或者可能是其他原因?我已经将默认端口从 22 更改为另一个端口。

不太确定该怎么理解它或者是否应该担心它。

有任何想法吗?

谢谢。

相关内容