why do I see failed login attempts to vm on non-forwarded ports?

From: Dale Scott <dalescott_at_shaw.ca>
Date: Thu, 05 Jan 2023 15:27:13 UTC
Hi all, this has me stumped. I'm seeing login attempts from what I assume to be a scripted exploit attempt. The login attempts aren't a major concern (other than they choke the server) as ssh is configured for key authentication only, but the ports they use has me confused.

The server is a FreeBSD 13.1 headless guest vm on a headless 13.1 host, hosted using virtualbox-ose (managed using phpVirtualBox). Only 3 ports are forwarded from host to guest: 3022 to 22 for ssh login to the guest, 8000 to 8000 for remote client access to tryton ERP, and 5432 to 5432 for remote access to postgresql (DBMS for Tryton).

My (very limited) understanding of networking and port forwarding was that that the guest could only be accessed from the outside world using one of those three ports. Clearly I was wrong.

Can anyone explain what is happening?

TIA!

Cheers,
Dale

Fwiw, I was originally just trying to configure remote access to PostgreSQL so I could use pgAdmin remotely to investigate Tryton's databases, and then noticed the login attempts (which could be why the vm crashes every couple weeks).



Host (whizzer) ifconfig
=======================

em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=481249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER,NOMAP>
	ether ac:16:2d:0d:fb:85
	inet6 fe80::ae16:2dff:fe0d:fb85%em0 prefixlen 64 scopeid 0x1
	inet 174.0.60.222 netmask 0xfffffc00 broadcast 255.255.255.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Guest (starlord) ifconfig
=========================

dale@starlord:~ % ifconfig
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=481009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER,NOMAP>
	ether 08:00:27:60:dd:62
	inet6 fe80::a00:27ff:fe60:dd62%em0 prefixlen 64 scopeid 0x1
	inet 10.0.2.15 netmask 0xffffff00 broadcast 10.0.2.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Guest (starlord) daily security run output
==========================================

(the guest uses ssmtp to relay mail to me in the outside world using SendGrid)

From: "Dale Scott (dalescott@shaw)" <dalescott@shaw.ca>
To: root@mi03.dcs.int.inet
Sent: Thursday, January 5, 2023 3:26:32 AM
Subject: starlord daily security run output

...

starlord login failures:
Jan  4 00:02:05 starlord sshd[1597]: Invalid user admin from 10.0.2.2 port 51252
Jan  4 00:02:07 starlord sshd[1597]: Connection closed by invalid user admin 10.0.2.2 port 51252 [preauth]
Jan  4 00:13:19 starlord sshd[1621]: Invalid user support from 10.0.2.2 port 47876
Jan  4 00:13:19 starlord sshd[1621]: Connection closed by invalid user support 10.0.2.2 port 47876 [preauth]
Jan  4 00:35:31 starlord sshd[1673]: Invalid user user from 10.0.2.2 port 11366
Jan  4 00:35:31 starlord sshd[1673]: Connection closed by invalid user user 10.0.2.2 port 11366 [preauth]
Jan  4 00:46:24 starlord sshd[1697]: Invalid user admin from 10.0.2.2 port 2414
Jan  4 00:46:25 starlord sshd[1697]: Connection closed by invalid user admin 10.0.2.2 port 2414 [preauth]
Jan  4 00:57:16 starlord sshd[1721]: Invalid user default from 10.0.2.2 port 56972
Jan  4 00:57:17 starlord sshd[1721]: Connection closed by invalid user default 10.0.2.2 port 56972 [preauth]
Jan  4 01:08:05 starlord sshd[1749]: Invalid user default from 10.0.2.2 port 43434
Jan  4 01:08:06 starlord sshd[1749]: Connection closed by invalid user default 10.0.2.2 port 43434 [preauth]
Jan  4 01:13:46 starlord sshd[1767]: error: Fssh_kex_exchange_identification: banner line contains invalid characters
Jan  4 01:13:46 starlord sshd[1767]: banner exchange: Connection from 10.0.2.2 port 65531: invalid format
Jan  4 01:40:40 starlord sshd[1827]: Invalid user test from 10.0.2.2 port 4376
Jan  4 01:40:41 starlord sshd[1827]: Connection closed by invalid user test 10.0.2.2 port 4376 [preauth]
Jan  4 01:51:31 starlord sshd[1851]: Invalid user user from 10.0.2.2 port 13350
Jan  4 01:51:32 starlord sshd[1851]: Connection closed by invalid user user 10.0.2.2 port 13350 [preauth]
Jan  4 02:13:16 starlord sshd[1910]: Invalid user test from 10.0.2.2 port 36002
Jan  4 02:13:16 starlord sshd[1910]: Connection closed by invalid user test 10.0.2.2 port 36002 [preauth]
Jan  4 02:24:16 starlord sshd[1934]: Invalid user support from 10.0.2.2 port 10928
Jan  4 02:24:17 starlord sshd[1934]: Connection closed by invalid user support 10.0.2.2 port 10928 [preauth]
Jan  4 02:35:29 starlord sshd[1962]: Invalid user default from 10.0.2.2 port 3218
Jan  4 02:35:30 starlord sshd[1962]: Connection closed by invalid user default 10.0.2.2 port 3218 [preauth]
Jan  4 03:09:45 starlord sshd[2503]: Invalid user admin from 10.0.2.2 port 6354
Jan  4 03:09:45 starlord sshd[2503]: Connection closed by invalid user admin 10.0.2.2 port 6354 [preauth]
Jan  4 03:21:14 starlord sshd[2530]: Invalid user test from 10.0.2.2 port 9108
Jan  4 03:21:16 starlord sshd[2530]: Connection closed by invalid user test 10.0.2.2 port 9108 [preauth]
Jan  4 03:32:37 starlord sshd[2556]: Invalid user user from 10.0.2.2 port 35252
Jan  4 03:32:38 starlord sshd[2556]: Connection closed by invalid user user 10.0.2.2 port 35252 [preauth]
Jan  4 03:44:05 starlord sshd[2593]: Invalid user default from 10.0.2.2 port 57070
Jan  4 03:44:06 starlord sshd[2593]: Connection closed by invalid user default 10.0.2.2 port 57070 [preauth]
Jan  4 03:55:11 starlord sshd[2619]: Invalid user default from 10.0.2.2 port 16834
Jan  4 03:55:11 starlord sshd[2619]: Connection closed by invalid user default 10.0.2.2 port 16834 [preauth]
Jan  4 04:17:12 starlord sshd[2737]: Invalid user default from 10.0.2.2 port 56796
Jan  4 04:17:13 starlord sshd[2737]: Connection closed by invalid user default 10.0.2.2 port 56796 [preauth]
Jan  4 04:39:14 starlord sshd[2810]: Invalid user test from 10.0.2.2 port 63312
Jan  4 04:39:14 starlord sshd[2810]: Connection closed by invalid user test 10.0.2.2 port 63312 [preauth]
Jan  4 04:50:12 starlord sshd[2847]: Invalid user test from 10.0.2.2 port 65522
Jan  4 04:50:12 starlord sshd[2847]: Connection closed by invalid user test 10.0.2.2 port 65522 [preauth]
Jan  4 05:01:12 starlord sshd[2904]: Invalid user default from 10.0.2.2 port 31262
Jan  4 05:01:12 starlord sshd[2904]: Connection closed by invalid user default 10.0.2.2 port 31262 [preauth]
Jan  4 05:12:10 starlord sshd[2939]: Invalid user user from 10.0.2.2 port 52648
Jan  4 05:12:11 starlord sshd[2939]: Connection closed by invalid user user 10.0.2.2 port 52648 [preauth]
Jan  4 05:56:28 starlord sshd[3083]: Invalid user user from 10.0.2.2 port 39586
Jan  4 05:56:29 starlord sshd[3083]: Connection closed by invalid user user 10.0.2.2 port 39586 [preauth]
Jan  4 06:07:36 starlord sshd[3121]: Invalid user support from 10.0.2.2 port 55060
Jan  4 06:07:37 starlord sshd[3121]: Connection closed by invalid user support 10.0.2.2 port 55060 [preauth]
Jan  4 06:18:39 starlord sshd[3156]: Invalid user test from 10.0.2.2 port 53670
Jan  4 06:18:40 starlord sshd[3156]: Connection closed by invalid user test 10.0.2.2 port 53670 [preauth]
Jan  4 06:29:48 starlord sshd[3191]: Invalid user support from 10.0.2.2 port 24132
Jan  4 06:29:48 starlord sshd[3191]: Connection closed by invalid user support 10.0.2.2 port 24132 [preauth]
Jan  4 06:40:52 starlord sshd[3228]: Invalid user default from 10.0.2.2 port 59580
Jan  4 06:40:53 starlord sshd[3228]: Connection closed by invalid user default 10.0.2.2 port 59580 [preauth]
Jan  4 06:51:58 starlord sshd[3263]: Invalid user support from 10.0.2.2 port 42894
Jan  4 06:52:00 starlord sshd[3263]: Connection closed by invalid user support 10.0.2.2 port 42894 [preauth]
Jan  4 07:03:06 starlord sshd[3307]: Invalid user user from 10.0.2.2 port 52588
Jan  4 07:03:07 starlord sshd[3307]: Connection closed by invalid user user 10.0.2.2 port 52588 [preauth]
Jan  4 07:14:09 starlord sshd[3343]: Invalid user support from 10.0.2.2 port 23744
Jan  4 07:14:09 starlord sshd[3343]: Connection closed by invalid user support 10.0.2.2 port 23744 [preauth]
Jan  4 07:25:12 starlord sshd[3380]: Invalid user user from 10.0.2.2 port 50994
Jan  4 07:25:13 starlord sshd[3380]: Connection closed by invalid user user 10.0.2.2 port 50994 [preauth]
Jan  4 07:36:16 starlord sshd[3415]: Invalid user user from 10.0.2.2 port 15504
Jan  4 07:36:16 starlord sshd[3415]: Connection closed by invalid user user 10.0.2.2 port 15504 [preauth]
Jan  4 07:47:17 starlord sshd[3450]: Invalid user user from 10.0.2.2 port 59140
Jan  4 07:47:18 starlord sshd[3450]: Connection closed by invalid user user 10.0.2.2 port 59140 [preauth]
Jan  4 07:58:26 starlord sshd[3485]: Invalid user admin from 10.0.2.2 port 39234
Jan  4 07:58:26 starlord sshd[3485]: Connection closed by invalid user admin 10.0.2.2 port 39234 [preauth]
Jan  4 08:09:36 starlord sshd[3522]: Invalid user test from 10.0.2.2 port 14632
Jan  4 08:09:37 starlord sshd[3522]: Connection closed by invalid user test 10.0.2.2 port 14632 [preauth]
Jan  4 08:20:45 starlord sshd[3570]: Invalid user default from 10.0.2.2 port 62144
Jan  4 08:20:46 starlord sshd[3570]: Connection closed by invalid user default 10.0.2.2 port 62144 [preauth]
Jan  4 08:31:52 starlord sshd[3605]: Invalid user default from 10.0.2.2 port 36392
Jan  4 08:31:52 starlord sshd[3605]: Connection closed by invalid user default 10.0.2.2 port 36392 [preauth]
Jan  4 08:42:57 starlord sshd[3640]: Invalid user support from 10.0.2.2 port 61980
Jan  4 08:42:58 starlord sshd[3640]: Connection closed by invalid user support 10.0.2.2 port 61980 [preauth]
Jan  4 08:53:59 starlord sshd[3675]: Invalid user support from 10.0.2.2 port 46972
Jan  4 08:54:00 starlord sshd[3675]: Connection closed by invalid user support 10.0.2.2 port 46972 [preauth]
Jan  4 09:05:03 starlord sshd[3721]: Invalid user test from 10.0.2.2 port 22696
Jan  4 09:05:03 starlord sshd[3721]: Connection closed by invalid user test 10.0.2.2 port 22696 [preauth]
Jan  4 09:16:07 starlord sshd[3756]: Invalid user default from 10.0.2.2 port 40184
Jan  4 09:16:08 starlord sshd[3756]: Connection closed by invalid user default 10.0.2.2 port 40184 [preauth]
Jan  4 09:27:13 starlord sshd[3791]: Invalid user user from 10.0.2.2 port 11440
Jan  4 09:27:14 starlord sshd[3791]: Connection closed by invalid user user 10.0.2.2 port 11440 [preauth]
Jan  4 09:38:20 starlord sshd[3827]: Invalid user default from 10.0.2.2 port 48342
Jan  4 09:38:21 starlord sshd[3827]: Connection closed by invalid user default 10.0.2.2 port 48342 [preauth]
Jan  4 09:49:27 starlord sshd[3863]: Invalid user test from 10.0.2.2 port 53590
Jan  4 09:49:27 starlord sshd[3863]: Connection closed by invalid user test 10.0.2.2 port 53590 [preauth]
Jan  4 10:00:25 starlord sshd[3909]: Invalid user admin from 10.0.2.2 port 46586
Jan  4 10:00:26 starlord sshd[3909]: Connection closed by invalid user admin 10.0.2.2 port 46586 [preauth]
Jan  4 10:11:24 starlord sshd[3944]: Invalid user test from 10.0.2.2 port 16216
Jan  4 10:11:25 starlord sshd[3944]: Connection closed by invalid user test 10.0.2.2 port 16216 [preauth]
Jan  4 10:22:32 starlord sshd[3979]: Invalid user support from 10.0.2.2 port 46920
Jan  4 10:22:33 starlord sshd[3979]: Connection closed by invalid user support 10.0.2.2 port 46920 [preauth]
Jan  4 10:33:47 starlord sshd[4014]: Invalid user user from 10.0.2.2 port 24892
Jan  4 10:33:48 starlord sshd[4014]: Connection closed by invalid user user 10.0.2.2 port 24892 [preauth]
Jan  4 10:44:58 starlord sshd[4050]: Invalid user test from 10.0.2.2 port 2950
Jan  4 10:44:59 starlord sshd[4050]: Connection closed by invalid user test 10.0.2.2 port 2950 [preauth]
Jan  4 10:56:01 starlord sshd[4087]: Invalid user admin from 10.0.2.2 port 34944
Jan  4 10:56:02 starlord sshd[4087]: Connection closed by invalid user admin 10.0.2.2 port 34944 [preauth]
Jan  4 11:02:34 starlord sshd[4113]: Invalid user admin from 10.0.2.2 port 4233
Jan  4 11:02:34 starlord sshd[4113]: Disconnected from invalid user admin 10.0.2.2 port 4233 [preauth]
Jan  4 11:07:17 starlord sshd[4126]: Invalid user default from 10.0.2.2 port 14778
Jan  4 11:07:18 starlord sshd[4126]: Connection closed by invalid user default 10.0.2.2 port 14778 [preauth]
Jan  4 11:18:24 starlord sshd[4161]: Invalid user default from 10.0.2.2 port 30970
Jan  4 11:18:25 starlord sshd[4161]: Connection closed by invalid user default 10.0.2.2 port 30970 [preauth]
Jan  4 11:29:29 starlord sshd[4197]: Invalid user support from 10.0.2.2 port 23744
Jan  4 11:29:30 starlord sshd[4197]: Connection closed by invalid user support 10.0.2.2 port 23744 [preauth]
Jan  4 11:40:34 starlord sshd[4234]: Invalid user test from 10.0.2.2 port 17016
Jan  4 11:40:35 starlord sshd[4234]: Connection closed by invalid user test 10.0.2.2 port 17016 [preauth]
Jan  4 11:51:48 starlord sshd[4269]: Invalid user support from 10.0.2.2 port 34922
Jan  4 11:51:49 starlord sshd[4269]: Connection closed by invalid user support 10.0.2.2 port 34922 [preauth]
Jan  4 12:02:54 starlord sshd[4313]: Invalid user default from 10.0.2.2 port 43022
Jan  4 12:02:55 starlord sshd[4313]: Connection closed by invalid user default 10.0.2.2 port 43022 [preauth]
Jan  4 12:14:06 starlord sshd[4349]: Invalid user support from 10.0.2.2 port 64846
Jan  4 12:14:07 starlord sshd[4349]: Connection closed by invalid user support 10.0.2.2 port 64846 [preauth]
Jan  4 12:25:25 starlord sshd[4386]: Invalid user default from 10.0.2.2 port 43868
Jan  4 12:25:25 starlord sshd[4386]: Connection closed by invalid user default 10.0.2.2 port 43868 [preauth]
Jan  4 12:36:38 starlord sshd[4422]: Invalid user admin from 10.0.2.2 port 6662
Jan  4 12:36:38 starlord sshd[4422]: Connection closed by invalid user admin 10.0.2.2 port 6662 [preauth]
Jan  4 12:58:58 starlord sshd[4492]: Invalid user support from 10.0.2.2 port 1242
Jan  4 12:58:58 starlord sshd[4492]: Connection closed by invalid user support 10.0.2.2 port 1242 [preauth]
Jan  4 13:09:51 starlord sshd[4529]: Invalid user default from 10.0.2.2 port 63698
Jan  4 13:09:52 starlord sshd[4529]: Connection closed by invalid user default 10.0.2.2 port 63698 [preauth]
Jan  4 13:20:50 starlord sshd[4566]: Invalid user support from 10.0.2.2 port 48388
Jan  4 13:20:51 starlord sshd[4566]: Connection closed by invalid user support 10.0.2.2 port 48388 [preauth]
Jan  4 13:31:54 starlord sshd[4601]: Invalid user default from 10.0.2.2 port 26436
Jan  4 13:31:55 starlord sshd[4601]: Connection closed by invalid user default 10.0.2.2 port 26436 [preauth]
Jan  4 13:43:06 starlord sshd[4650]: Invalid user user from 10.0.2.2 port 64110
Jan  4 13:43:07 starlord sshd[4650]: Connection closed by invalid user user 10.0.2.2 port 64110 [preauth]
Jan  4 13:54:11 starlord sshd[4692]: Invalid user support from 10.0.2.2 port 19346
Jan  4 13:54:11 starlord sshd[4692]: Connection closed by invalid user support 10.0.2.2 port 19346 [preauth]
Jan  4 14:05:09 starlord sshd[4716]: Invalid user admin from 10.0.2.2 port 53612
Jan  4 14:05:10 starlord sshd[4716]: Connection closed by invalid user admin 10.0.2.2 port 53612 [preauth]
Jan  4 14:16:13 starlord sshd[4729]: Invalid user user from 10.0.2.2 port 33520
Jan  4 14:16:13 starlord sshd[4729]: Connection closed by invalid user user 10.0.2.2 port 33520 [preauth]
Jan  4 14:27:06 starlord sshd[4742]: Invalid user test from 10.0.2.2 port 30460
Jan  4 14:27:07 starlord sshd[4742]: Connection closed by invalid user test 10.0.2.2 port 30460 [preauth]
Jan  4 14:38:11 starlord sshd[4756]: Invalid user user from 10.0.2.2 port 60488
Jan  4 14:38:12 starlord sshd[4756]: Connection closed by invalid user user 10.0.2.2 port 60488 [preauth]
Jan  4 14:49:20 starlord sshd[849]: Invalid user support from 10.0.2.2 port 19776
Jan  4 14:49:21 starlord sshd[849]: Connection closed by invalid user support 10.0.2.2 port 19776 [preauth]
Jan  4 15:00:22 starlord sshd[873]: Invalid user test from 10.0.2.2 port 57034
Jan  4 15:00:23 starlord sshd[873]: Connection closed by invalid user test 10.0.2.2 port 57034 [preauth]
Jan  4 15:11:30 starlord sshd[886]: Invalid user unknown from 10.0.2.2 port 38946
Jan  4 15:11:31 starlord sshd[886]: Connection closed by invalid user unknown 10.0.2.2 port 38946 [preauth]
Jan  4 15:22:37 starlord sshd[918]: Invalid user ubnt from 10.0.2.2 port 9560
Jan  4 15:22:37 starlord sshd[918]: Connection closed by invalid user ubnt 10.0.2.2 port 9560 [preauth]
Jan  4 15:33:34 starlord sshd[966]: Invalid user debian from 10.0.2.2 port 4302
Jan  4 15:33:34 starlord sshd[966]: Connection closed by invalid user debian 10.0.2.2 port 4302 [preauth]
Jan  4 15:44:40 starlord sshd[984]: Invalid user debian from 10.0.2.2 port 61652
Jan  4 15:44:41 starlord sshd[984]: Connection closed by invalid user debian 10.0.2.2 port 61652 [preauth]
Jan  4 16:07:01 starlord sshd[1014]: Invalid user guest from 10.0.2.2 port 65378
Jan  4 16:07:03 starlord sshd[1014]: Connection closed by invalid user guest 10.0.2.2 port 65378 [preauth]
Jan  4 16:18:05 starlord sshd[1027]: Invalid user config from 10.0.2.2 port 36680
Jan  4 16:18:05 starlord sshd[1027]: Connection closed by invalid user config 10.0.2.2 port 36680 [preauth]
Jan  4 16:29:17 starlord sshd[1040]: Invalid user config from 10.0.2.2 port 59440
Jan  4 16:29:18 starlord sshd[1040]: Connection closed by invalid user config 10.0.2.2 port 59440 [preauth]
Jan  4 16:40:27 starlord sshd[1055]: Invalid user centos from 10.0.2.2 port 24906
Jan  4 16:40:28 starlord sshd[1055]: Connection closed by invalid user centos 10.0.2.2 port 24906 [preauth]
Jan  4 16:51:37 starlord sshd[1068]: Invalid user guest from 10.0.2.2 port 10974
Jan  4 16:51:38 starlord sshd[1068]: Connection closed by invalid user guest 10.0.2.2 port 10974 [preauth]
Jan  4 17:02:47 starlord sshd[1090]: Invalid user blank from 10.0.2.2 port 36126
Jan  4 17:02:48 starlord sshd[1090]: Connection closed by invalid user blank 10.0.2.2 port 36126 [preauth]
Jan  4 17:02:52 starlord sshd[1092]: Invalid user blank from 10.0.2.2 port 36148
Jan  4 17:02:52 starlord sshd[1092]: Connection closed by invalid user blank 10.0.2.2 port 36148 [preauth]
Jan  4 17:13:52 starlord sshd[1105]: Invalid user centos from 10.0.2.2 port 21336
Jan  4 17:13:53 starlord sshd[1105]: Connection closed by invalid user centos 10.0.2.2 port 21336 [preauth]
Jan  4 17:25:03 starlord sshd[1120]: Invalid user config from 10.0.2.2 port 27756
Jan  4 17:25:04 starlord sshd[1120]: Connection closed by invalid user config 10.0.2.2 port 27756 [preauth]
Jan  4 17:36:12 starlord sshd[1133]: Invalid user config from 10.0.2.2 port 16142
Jan  4 17:36:12 starlord sshd[1133]: Connection closed by invalid user config 10.0.2.2 port 16142 [preauth]
Jan  4 17:58:24 starlord sshd[1159]: Invalid user ubnt from 10.0.2.2 port 14510
Jan  4 17:58:25 starlord sshd[1159]: Connection closed by invalid user ubnt 10.0.2.2 port 14510 [preauth]
Jan  4 18:20:44 starlord sshd[1189]: Invalid user blank from 10.0.2.2 port 13048
Jan  4 18:20:45 starlord sshd[1189]: Connection closed by invalid user blank 10.0.2.2 port 13048 [preauth]
Jan  4 18:31:59 starlord sshd[1202]: Invalid user unknown from 10.0.2.2 port 54870
Jan  4 18:31:59 starlord sshd[1202]: Connection closed by invalid user unknown 10.0.2.2 port 54870 [preauth]
Jan  4 18:43:07 starlord sshd[1215]: Invalid user debian from 10.0.2.2 port 32596
Jan  4 18:43:08 starlord sshd[1215]: Connection closed by invalid user debian 10.0.2.2 port 32596 [preauth]
Jan  4 18:54:12 starlord sshd[1228]: Invalid user debian from 10.0.2.2 port 27472
Jan  4 18:54:12 starlord sshd[1228]: Connection closed by invalid user debian 10.0.2.2 port 27472 [preauth]
Jan  4 19:05:15 starlord sshd[1252]: Invalid user centos from 10.0.2.2 port 41946
Jan  4 19:05:15 starlord sshd[1252]: Connection closed by invalid user centos 10.0.2.2 port 41946 [preauth]
Jan  4 19:16:16 starlord sshd[1265]: Invalid user guest from 10.0.2.2 port 33020
Jan  4 19:16:16 starlord sshd[1265]: Connection closed by invalid user guest 10.0.2.2 port 33020 [preauth]
Jan  4 19:27:21 starlord sshd[1278]: Invalid user guest from 10.0.2.2 port 23178
Jan  4 19:27:21 starlord sshd[1278]: Connection closed by invalid user guest 10.0.2.2 port 23178 [preauth]
Jan  4 19:38:23 starlord sshd[1291]: Invalid user centos from 10.0.2.2 port 44116
Jan  4 19:38:24 starlord sshd[1291]: Connection closed by invalid user centos 10.0.2.2 port 44116 [preauth]
Jan  4 19:49:20 starlord sshd[1304]: Invalid user blank from 10.0.2.2 port 35076
Jan  4 19:49:21 starlord sshd[1304]: Connection closed by invalid user blank 10.0.2.2 port 35076 [preauth]
Jan  4 20:00:11 starlord sshd[1328]: Invalid user blank from 10.0.2.2 port 28372
Jan  4 20:00:12 starlord sshd[1328]: Connection closed by invalid user blank 10.0.2.2 port 28372 [preauth]
Jan  4 20:11:03 starlord sshd[1341]: Invalid user debian from 10.0.2.2 port 14712
Jan  4 20:11:03 starlord sshd[1341]: Connection closed by invalid user debian 10.0.2.2 port 14712 [preauth]
Jan  4 20:22:00 starlord sshd[1347]: Invalid user guest from 10.0.2.2 port 53734
Jan  4 20:22:02 starlord sshd[1347]: Connection closed by invalid user guest 10.0.2.2 port 53734 [preauth]
Jan  4 20:33:00 starlord sshd[1360]: Invalid user unknown from 10.0.2.2 port 15800
Jan  4 20:33:01 starlord sshd[1360]: Connection closed by invalid user unknown 10.0.2.2 port 15800 [preauth]
Jan  4 20:43:55 starlord sshd[1373]: Invalid user debian from 10.0.2.2 port 53826
Jan  4 20:43:56 starlord sshd[1373]: Connection closed by invalid user debian 10.0.2.2 port 53826 [preauth]
Jan  4 20:54:55 starlord sshd[1386]: Invalid user blank from 10.0.2.2 port 20450
Jan  4 20:54:56 starlord sshd[1386]: Connection closed by invalid user blank 10.0.2.2 port 20450 [preauth]
Jan  4 21:06:05 starlord sshd[1410]: Invalid user ubnt from 10.0.2.2 port 35994
Jan  4 21:06:06 starlord sshd[1410]: Connection closed by invalid user ubnt 10.0.2.2 port 35994 [preauth]
Jan  4 21:28:01 starlord sshd[1436]: Invalid user blank from 10.0.2.2 port 13454
Jan  4 21:28:02 starlord sshd[1436]: Connection closed by invalid user blank 10.0.2.2 port 13454 [preauth]
Jan  4 21:38:56 starlord sshd[1449]: Invalid user blank from 10.0.2.2 port 50526
Jan  4 21:38:56 starlord sshd[1449]: Connection closed by invalid user blank 10.0.2.2 port 50526 [preauth]
Jan  4 21:49:53 starlord sshd[1462]: Invalid user unknown from 10.0.2.2 port 8542
Jan  4 21:49:54 starlord sshd[1462]: Connection closed by invalid user unknown 10.0.2.2 port 8542 [preauth]
Jan  4 22:00:51 starlord sshd[1486]: Invalid user guest from 10.0.2.2 port 5574
Jan  4 22:00:52 starlord sshd[1486]: Connection closed by invalid user guest 10.0.2.2 port 5574 [preauth]
Jan  4 22:11:50 starlord sshd[1499]: Invalid user config from 10.0.2.2 port 29822
Jan  4 22:11:51 starlord sshd[1499]: Connection closed by invalid user config 10.0.2.2 port 29822 [preauth]
Jan  4 22:33:40 starlord sshd[1525]: Invalid user ubnt from 10.0.2.2 port 55444
Jan  4 22:33:41 starlord sshd[1525]: Connection closed by invalid user ubnt 10.0.2.2 port 55444 [preauth]
Jan  4 22:44:33 starlord sshd[1538]: Invalid user centos from 10.0.2.2 port 55180
Jan  4 22:44:34 starlord sshd[1538]: Connection closed by invalid user centos 10.0.2.2 port 55180 [preauth]
Jan  4 22:55:22 starlord sshd[1553]: Invalid user unknown from 10.0.2.2 port 2762
Jan  4 22:55:23 starlord sshd[1553]: Connection closed by invalid user unknown 10.0.2.2 port 2762 [preauth]
Jan  4 23:06:14 starlord sshd[1568]: Invalid user guest from 10.0.2.2 port 1096
Jan  4 23:06:15 starlord sshd[1568]: Connection closed by invalid user guest 10.0.2.2 port 1096 [preauth]
Jan  4 23:17:17 starlord sshd[1581]: Invalid user blank from 10.0.2.2 port 27470
Jan  4 23:17:17 starlord sshd[1581]: Connection closed by invalid user blank 10.0.2.2 port 27470 [preauth]
Jan  4 23:39:30 starlord sshd[1607]: Invalid user ubnt from 10.0.2.2 port 39444
Jan  4 23:39:30 starlord sshd[1607]: Connection closed by invalid user ubnt 10.0.2.2 port 39444 [preauth]
Jan  4 23:50:30 starlord sshd[1622]: Invalid user ubnt from 10.0.2.2 port 64944
Jan  4 23:50:30 starlord sshd[1622]: Connection closed by invalid user ubnt 10.0.2.2 port 64944 [preauth]

...

-- End of security output --