[CentOS] CentOS6 - Break in attempt? What is the Exploit?

Mon Sep 21 19:37:00 UTC 2015
m.roth at 5-cent.us <m.roth at 5-cent.us>

Gordon Messmer wrote:
>> > In other words, the
>> >hostkeys would be identical.
> I think what the error indicates is that a client tried to connect to
> SSH, and the host key there did not match the fingerprint in the
> client's "known_hosts" database.
>> >It seems to me that someone attempted an ssh connection while spoofing
>> >our internal address.  Is such a thing even possible? If so then how
>> >does it work?
> In the situation as you've described it, probably not.
> It would be best to go to your logs themselves for the full log entry
> and context, rather than relying on a report that summarizes log entries.

Looks like someone trying to break in. You *are* running fail2ban, are you
not? If not, you need to install and fire it up, now.

I see a *lot* of this... but then, I work for a US gov't federal
contractor (civilian sector), and let me assure you, I get tired of all
the attempts from China, Brazil, and other places trying to ssh in - it
really clutters my logfiles.