Re: Accepted password in auth.log



Hello,

Tobin Lichtenfeld a écrit :

I found two log entries in the auth.log file of my Debian linux (current version):

May 28 14:22:21 its_station sshd[7963]: Accepted password for tobin from 192.168.1.1 port 58254 ssh2
May 28 16:15:18 its_station sshd[10326]: Accepted password for tobin from 192.168.1.1 port 58564 ssh2

I am running this on my home network (192.168.1.1/24) behind a DSL
router. The router has the IP address 192.168.1.1, however when I
connect to the server, the auth.log usually shows my IP address, e.g. my
computer or an official address when I connect from somewhere else..

Does anyone know, what it means, that the log file now shows the IP
address of the router? It is definetely not the router that is
connecting to the server here..

It may be a connection to the router's public address from a host inside the LAN. If the router properly redirects such a connection to the server, it must masquerade the client source address to maintain symmetric routing required by stateful NAT operation.
.