Are many failed login attempts an issue?

I am trying to set up a Pioneer. I am not able to log in from outside so far, but I can locally by pointing to the IP number on my LAN, and when I do and ask Cockpit for Overview, I see this:

When I click on View Login History from there, it had been producing a list of IP numbers with connection attempt details. Now it takes me to a page that says "Account not available or cannot be edited."

While I find my way through this, I am wondering whether a couple of hundred login attempts is an issue or a normal situation?

Ken

Any server exposed to the Internet, either directly, as DMZ, or by port forwarding, is likely to see failed login attempts. Try filtering the log in Cockpit for Identifier fail2ban-server or sshd (at Priority info and above) and see if that turns up anything interesting. Also, it looks like you’ve set up an account named “admin”. You might want to create another admin account with a different name and remove the “admin” account. Bad actors looking for vulnerable servers are likely to try to log in to “admin” since routers and other devices often use it as a default account name.

4 Likes

This is not normal (you're probably attacked like most, I don't refer to that as normal : )

In your terminal, try typing sudo pam_abl
This will give you a list of IPs and usernames caught by PAM. Like mine, I assume your server is under constant brute-force attack. Have a look at the list PAM gives you and stay away from those usernames.

Additionally, in your FBX I suggest you only allow admins to ssh. I would also set up SSH keys to make sure any chance of brute-force doesn't work.

1 Like
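
An added example, not part of any post in this thread: a small Python triage of sshd journal lines that tallies failed password attempts by source IP and by username, and separates noise from the two things worth a closer look (failures against accounts that really exist, and an address that failed and also logged in). The host name, user names and addresses in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample in journal short format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 03 10:00:01 freedombox sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 03 10:00:04 freedombox sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar 03 10:00:09 freedombox sshd[1207]: Failed password for invalid user pi from 203.0.113.5 port 51240 ssh2
Mar 03 10:02:30 freedombox sshd[1215]: Failed password for root from 198.51.100.7 port 40022 ssh2
Mar 03 10:02:31 freedombox sshd[1215]: Connection closed by authenticating user root 198.51.100.7 port 40022 [preauth]
Mar 03 10:07:12 freedombox sshd[1230]: Failed password for ken from 192.0.2.10 port 50000 ssh2
Mar 03 10:07:20 freedombox sshd[1232]: Accepted password for ken from 192.0.2.10 port 50002 ssh2
"""

# sshd marks attempts on nonexistent accounts with "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def summarize(log_text):
    by_ip, by_user = Counter(), Counter()
    existing_targeted, accepted_ips = set(), set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            invalid, user, ip = m.groups()
            by_ip[ip] += 1
            by_user[user] += 1
            if not invalid:
                # The account exists, so a correct guess would have worked.
                existing_targeted.add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted_ips.add(m.group(2))
    return {
        "failures_by_ip": by_ip,
        "failures_by_user": by_user,
        "existing_accounts_targeted": sorted(existing_targeted),
        # Same address both failed and succeeded: confirm it was the owner.
        "ips_with_failure_and_success": sorted(set(by_ip) & accepted_ips),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Real input can come from `journalctl -t sshd`, which applies the same Identifier filter suggested for Cockpit above.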

I see the same. I suspect that this has to do with user accounts created by FreedomBox being managed by LDAP instead of by passwd. passwd is the system default user database and I’m guessing here that Cockpit isn’t using LDAP to find the user details.

The FreedomBox Secure Shell Wiki is updated with instructions for this. @KenW - let me know if these instructions work for you.

2 Likes