Table of Contents
Failed ssh attempts in Ubuntu
As a system administrator some times it is important to keep track or look for who is trying to access your machine for security purposes. Every attempt of login into the ssh server running on our ubuntu is recorded into /var/log/auth.log file.
Here is the snapshot of my /var/log/auth.log file which shows the failed attempt of ssh entry. Here we can see that someone with IP 195.9.109.190 is trying to enter in my ubuntu-exp machine (obviously unwanted access).
Commands
You can also use commands journalctl. See the following example it will list all the lines with the invalid users.
ubuntu@ubuntu-exp:~$ journalctl _SYSTEMD_UNIT=ssh.service | grep "invalid user"
Failed ssh attempts in CentOS
Every login or attempt of login into the ssh server running on our CentOS is recorded into /var/log/secure file.
Below I have attached a snapshot of /var/log/secure from my CentOS machine. you can see that the same IP address is again trying to access my centos machine also.
Commands
You can also use commands journalctl. See the following example it will list all the lines with the invalid users.
[root@test centos]# journalctl _SYSTEMD_UNIT=sshd.service | grep "invalid user"
Summary
From the failed ssh login we can see that one of the IP addresses is trying to access both machines. Now realizing this as a threat we can take precautions like blocking this IP address etc.