Debian – See all SSH login attempts

Guess I’m not the only one who have a lot of unauthorized login attempts via SSH on my Linux servers.
With a simple command, you can watch failed or successful login attempts in /var/log/auth.log.

#As root or via sudo, type this to see all failed login attempts

#If you want to see successful logins, type this

Anyways, the first thing you should do on a new server is to disable password logins, only allowing logins using private keys.
You can read about it here.

7 comments for “Debian – See all SSH login attempts

  1. SegmentationFault
    November 14, 2013 at 21:31

    grep is your friend.

    grep sshd.*Invalid /var/log/auth

  2. Littledog
    August 28, 2014 at 16:05

    I think this is a better idea.
    sudo cat /var/log/auth.log | grep “Accepted password”
    then you will see from where the connection came.

  3. June 14, 2016 at 07:19

    The 2nd line came in handy – thanks.

  4. Maki
    June 29, 2016 at 15:07

    The above greps only – invalid users – logins, it doesn’t include failed logins on existing users :

    grep sshd.\*Failed /var/log/auth.log | less

    is the proper command to see all failed logins.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.