- Some system administrators noticed that attackers have been attempting to login with common usernames and passwords over SSH. In the system logs of /var/log/secure, similar entries to the following for many common usernames (such as "admin", "guest", "test", and "root") may be seen:
Oct 28 11:11:08 hostname sshd: Illegal user admin from 172.16.59.10 Oct 28 11:11:12 hostname sshd: Failed password for illegal user admin from 172.16.59.10 port 33762 ssh2
- Repeated attempts may be indicative of an attacker trying to guess the password to a particular account, especially the root account, by "brute force". A brute force attack is one where the password is repeatedly guessed until the correct one is found.
- Red Hat Enterprise Linux (RHEL)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.