0

Somebody is accessing my computer with my password. I want to know who logged in to my system via ssh xxxx@192.168.8.345. I want to know how to trace that IP.

Sridhar Mass

2 Answers

4

sshd logs all authorizations in /var/log/auth.log. You can check for logins by performing grep sshd /var/log/auth.log. The output will look something like the following:

Jun  5 13:56:06 computer-name sshd[1582]: Accepted password for user from 10.0.2.2 port 41341 ssh2

However, if you are sure that your system is compromised, these logs cannot be trusted. You need to change your password immediately, back up all data and reinstall the system. If an attacker managed to get root access (either because your user has sudo rights or through an exploit) to the system, neither the logs nor any executables (even system ones) can be trusted. The only thing left to do is to nuke it from orbit.

crasic
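The grep from the answer above, extended into a per-source-IP summary of accepted and failed sshd logins. This is an added example, not part of the original answer: the function names are hypothetical, the log lines are constructed, and it assumes the auth.log layout quoted above (timestamp, hostname, `sshd[pid]:`).

```shell
#!/bin/sh
# Added example (not from the original answer): summarise sshd logins per source IP.
# Constructed sample in the /var/log/auth.log format quoted in the answer.
sample_log() {
cat <<'EOF'
Jun  5 13:56:06 computer-name sshd[1582]: Accepted password for user from 10.0.2.2 port 41341 ssh2
Jun  5 14:01:10 computer-name sshd[1601]: Failed password for user from 10.0.2.7 port 50022 ssh2
Jun  5 14:01:14 computer-name sshd[1601]: Failed password for user from 10.0.2.7 port 50022 ssh2
Jun  5 14:01:19 computer-name sshd[1601]: Accepted password for user from 10.0.2.7 port 50022 ssh2
Jun  5 14:03:41 computer-name sshd[1620]: Failed password for invalid user admin from 10.0.2.9 port 40112 ssh2
Jun  5 14:03:45 computer-name sshd[1620]: Failed password for invalid user a from 203.0.113.5 port 1 from 10.0.2.9 port 40113 ssh2
Jun  5 14:05:02 computer-name sshd[1633]: Accepted publickey for user from 10.0.2.2 port 41400 ssh2: RSA SHA256:CONSTRUCTED
Jun  5 14:06:00 computer-name sudo: user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bin/ls
EOF
}

# Reads auth.log text on stdin; prints "ip accepted=N failed=N users=..." per source IP.
summarize_ssh_logins() {
  awk '
    $5 ~ /^sshd\[/ && ($6 == "Accepted" || $6 == "Failed") {
      # Locate "from <ip> port" scanning from the right, so a username that
      # itself contains "from ... port" cannot shift the parsed address.
      ip = ""
      for (i = NF; i > 2; i--)
        if ($i == "port" && $(i-2) == "from") { ip = $(i-1); break }
      if (ip == "") next
      seen[ip] = 1
      if ($6 == "Accepted") {
        ok[ip]++
        if (index("," users[ip] ",", "," $9 ",") == 0)   # $9 is the account name
          users[ip] = (users[ip] == "" ? $9 : users[ip] "," $9)
      } else bad[ip]++
    }
    END {
      for (ip in seen)
        printf "%s accepted=%d failed=%d users=%s\n", ip, ok[ip], bad[ip], (users[ip] == "" ? "-" : users[ip])
    }' | LC_ALL=C sort
}

# Real use: summarize_ssh_logins < /var/log/auth.log
sample_log | summarize_ssh_logins
```

A source with failures followed by an accepted login (10.0.2.7 in the sample) is the pattern worth looking at first.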
1

If the IP of the attacker is 192.168.8.345 then he's on your local network.

  1. Change your router to WPA2 encryption and change your router login info
  2. Change the password on your computer to something a little more elaborate

You won't be able to find out who or where this person is logging in from since they're local.

Edit: Try this code.

sudo ufw enable
sudo ufw deny proto tcp from 192.168.8.345 to any

Roboman1723