Secure your VPS, Security

Debian – See all SSH login attempts

by  •  • 7 Comments

Guess I’m not the only one who have a lot of unauthorized login attempts via SSH on my Linux servers.
With a simple command, you can watch failed or successful login attempts in /var/log/auth.log.

#As root or via sudo, type this to see all failed login attempts

#If you want to see successful logins, type this

Anyways, the first thing you should do on a new server is to disable password logins, only allowing logins using private keys.
You can read about it here.

7 comments for “Debian – See all SSH login attempts

  1. Pingback: Quickies: check your ssh login attempts (Debian) | 0ddn1x: tricks with *nix
  2. SegmentationFault
    November 14, 2013 at 21:31

    http://en.wikipedia.org/wiki/Cat_%28Unix%29#Useless_use_of_cat

    grep is your friend.

    grep sshd.*Invalid /var/log/auth

    Reply
  3. Littledog
    August 28, 2014 at 16:05

    I think this is a better idea.
    sudo cat /var/log/auth.log | grep “Accepted password”
    then you will see from where the connection came.

    Reply
  4. Francis Kim
    June 14, 2016 at 07:19

    The 2nd line came in handy – thanks.

    Reply
  5. Maki
    June 29, 2016 at 15:07

    The above greps only – invalid users – logins, it doesn’t include failed logins on existing users :

    grep sshd.\*Failed /var/log/auth.log | less

    is the proper command to see all failed logins.

    Reply
  6. Pingback: H4) – Sivuston otsikko

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.