Security

Show Failed SSH Login Attempts

Today’s article is pretty straightforward, I’m going to show you how to show failed SSH login attempts. It should be a pretty short article, as I’m just going to show you two ways for a couple of system types. This is Linux, so there are certainly more ways to go about it, but I’ll show you a couple of them.

Yes, I’ve written about SSH a great deal. It is, in my opinion, one of the greatest remote administration tools ever conceived. But, attackers know this and any public-facing computer, with an IP address that can be reached externally, will be subject to port scanning and intrusion attempts. 

I’ve written some SSH security articles, but one of the best things you can do is change the port that SSH uses. This will stop a bunch of malicious intrusion attempts. However, smart hackers will quickly scan for open ports with automated tools. Some of them will inevitably find your SSH port.

These people will then try to login. Securing your SSH is pretty important. I’ve written a few articles, so here’s a search of SSH-related articles previously published. Feel free to browse them at your leisure. I really need to do an article about Fail2Ban, but I haven’t gotten that far yet. One of these days!

So, like I said, you can show failed SSH login attempts. One of the things you can do with this information is scan for commonalities. You can also check to see if the hackers are using a username that already exists. If they’re using a username that already exists, it could be coincidental or it could mean they already have some insider information. 

Well then, let’s jump into the article…

Show Failed SSH Login Attempts:

Like oh so many of my articles, and this one involving SSH, you’re going to want an open terminal for this. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

By the way, if you’re this far into the article and don’t know what SSH, it’s ‘secure shell’ and a way to remotely connect to another computer. Basically, you login to a remote computer and then you’re using the remote computer’s terminal. However, you can do so with graphics, you just need to forward x11.

So, it’s a pretty useful tool. I use SSH often, even in my own home. What? It’s faster than walking to another room, and I often test things remotely. SSH makes perfect sense for this sort of stuff.

With your terminal freshly open and properly logged into the remote computer, you can show failed SSH login attempts pretty easily. Like I said, I’ll show you a couple of ways. The first is pretty universal and should work with all but a couple distros:

grep "Failed password" /var/log/auth.log

RHEL and CentOS (Fedora too? I have not tested.) may store the data elsewhere, so you can try this command to show failed SSH login attempts:

grep "Failed" /var/log/secure

If you have failed SSH login attempts, one of those two commands should show you them. If the first doesn’t work, and you know you have failed attempts, try the second one. The logs are usually stored (as far as I know) in either of those two locations.

Closure:

See? It’s a nice and short article today, just like I said it would be. This time around, we’ve learned how to show failed SSH login attempts. Even if you’re using Fail2Ban and mandating certificate login, it’s always good to check to see what the bad guys are up to.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

KGIII

Retired mathematician, residing in the mountains of Maine. I may be old and wise, but I am not infallible. Please point out any errors. And, as always, thanks again for reading.

Recent Posts

Enable/Disable Your Network Interface

Today we'll cover one way to enable or disable your network interface in the Linux…

7 months ago

Check Your NIC Speed In The Terminal

Today's exercise is a nice and simple exercise where we check your NIC speed in…

7 months ago

Easily Monitor Your Wireless Connection

Have you ever wanted to easily monitor your wireless connection? Well, now you can learn…

7 months ago

Count The Files In A Directory

I think I've covered this before with the ls command but this time we'll count…

7 months ago

Get System Information With The ‘uname’ Command In Linux

Today we'll be learning about a basic Linux command that's known as 'uname' and it…

7 months ago

hardinfo Has Been Rebooted As hardinfo2

If you've used hardinfo in the past, it may interest you to know that hardinfo…

7 months ago