I keep having my root account locked out. It is not unlocking after the 900 second time out limit. I thought it was an issue with my backup software. I use Veeam Backup and Replication, but I use that for a lot of different client that I support and I am not having this issue anywhere else. According to the Auth.log the issue seems to be cause by one server, which is an AD, but from random ports. I have attached the Auth.log.
I am able to unlock the root account and everything works for a shot time then the issue is back.
If you think it is caused by one server maybe there is a scheduled task on that server that is trying do to something on your host.
If you really suspect to your backup software, change the corresponding credential of the ESXi that you were set on the VEEAM backup management console
That has already been done. Veeam wouldn't work if I didn't have the correct ESXi credentials to access the host entered.
Hey, hope you are safe and sound.
Your auth.log is filled with these entries:
2020-06-18T22:23:42Z sshd[3567787]: Bad protocol version identification ' ' from 192.168.0.24 port 52657
2020-06-18T23:38:44Z sshd[3568564]: /etc/ssh/sshd_config line 7: Deprecated option UsePrivilegeSeparation
2020-06-18T23:38:44Z sshd[3568564]: /etc/ssh/sshd_config line 15: Unsupported option PrintLastLog
2020-06-18T23:38:44Z sshd[3568564]: Connection from 192.168.0.24 port 65307
What is running in this server 192.168.0.24?
Maybe a monitoring server or something like that?
Also you can use tcpdump-uw or pktcap-uw to capture all traffic inside a pcap file and then, check it carefully inside the Wireshark (or another similar tools) via sorting IP address of incoming packets. Maybe you find an unexpected network stream ...