SSH Password Guessing?

Follow

fyrekcaz

• October 31, 2025 22:49

I recently got a notification for "SSH Password Guessing":

"Device appears to be guessing SSH Passwords on XXX.XXX.XXX.XXX"

The device is my personal desktop and the IP address is to a server that is mine, so I'm not too worried but am curious how this happened.

I was using SFTP to connect to that server about 45 mins before the notification came through and I did mistype the password the first time around.

Thing is, I use SSH/SFTP every day and I've never got this notification before -- does this have something to do with the latest update from today?

0

• 

  Firewalla

  • October 31, 2025 23:53

  It is possible that the alarm may be a false possitive. Meaning, the network events was wrong, and it made a wrong prediction. 

  0

  Comment actions Permalink
• 

  fyrekcaz

  • November 01, 2025 00:11

  Interesting...

  Would you agree that since it was to a server I manage it's not really of concern? 

  I do have a handful of SSH Keys, so it could have cycled through those to cause it. 

  0

  Comment actions Permalink
• 

  Bob O'Hara

  • November 01, 2025 00:24

  Are you running an antivirus on your desktop? Many antivirus programs have a “network vulnerability” feature that searches for open services like ssh and telnet, then probes for weak credentials.

  0

  Comment actions Permalink
• 

  fyrekcaz

  • November 01, 2025 17:18

  Just Malwarebytes on macOS, which I don’t think is that advanced.

  0

  Comment actions Permalink

Please sign in to leave a comment.