Unknown SSH Log Response

[Matthew Thurner]

I've never see a response like this when restarting SSH service. This is a new installation and I am the only 'user' on the system. I have not generated any SSH keys and am worried about if this means someone was connected to ssh, usually I get an IP address and (preauth) in the log this is new to me here.

Waiting for “sshd” to restart ………waiting for “sshd” to initialize ………finished.

Service Status
sshd (sshd: root [priv]) is running as root with PID 20908 (systemd+/proc check method).
sshd (sshd: root [net]) is running as sshd with PID 20909 (systemd+/proc check method).
sshd (/usr/sbin/sshd -D) is running as root with PID 20961 (systemd+/proc check method).

Startup Log
Apr 06 02:41:50 jbm systemd[1]: Starting OpenSSH server daemon...
Apr 06 02:41:50 jbm sshd[20961]: Server listening on 0.0.0.0 port 22.
Apr 06 02:41:50 jbm sshd[20961]: Server listening on :: port 22.
Apr 06 02:41:50 jbm systemd[1]: Started OpenSSH server daemon.
Apr 06 02:41:50 jbm sshd[20908]: Failed password for root from 218.92.0.184 port 24620 ssh2

Log Messages
Apr 6 02:41:50 jbm sshd[20908]: Failed password for root from 218.92.0.184 port 24620 ssh2
Apr 6 02:41:50 jbm sshd[20961]: Server listening on :: port 22.
Apr 6 02:41:50 jbm sshd[20961]: Server listening on 0.0.0.0 port 22.
Apr 6 02:41:49 jbm sshd[19799]: Received signal 15; terminating.
Apr 6 02:41:48 jbm sshd[20908]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

 

[dalem]

It just means some one was brute forcing your SSH at the time you restarted your SSH server "unsuccessfully "

Last root form cli will tell you who logged in last

 

[cPanelLauren]

As indicated by @dalem this isn't significant it's really just timing