How to find all failed SSH login attempts in NGE Linux?

Linux keeps track of all failed login attempts, and they can be viewed by searching the /var/log/secure file.

NGELinux, CentOS, Red Hat:

# egrep "Fail(ed|ure)" /var/log/secure

An example can be seen as follows:

[root@nglinux data]# egrep "Fail(ed|ure)" /var/log/secure
Dec 28 08:00:43 localhost sshd[5604]: Failed password for root from ::1 port 54102 ssh2
Dec 28 08:00:46 localhost sshd[5604]: Failed password for root from ::1 port 54102 ssh2
[root@nglinux data]# 

On Ubuntu, the file to search is /var/log/auth.log instead of /var/log/secure.

# egrep "Fail(ed|ure)" /var/log/auth.log
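
To turn the raw matches into a summary per source address and per target account, here is an added example (not part of the original article). The function names and the sample log lines are constructed for illustration; the sample follows the sshd message format shown in the output above.

```shell
#!/bin/sh
# Constructed sample in the sshd format shown above (documentation-range addresses).
sample_log() {
cat <<'EOF'
Dec 28 08:00:43 localhost sshd[5604]: Failed password for root from ::1 port 54102 ssh2
Dec 28 08:00:46 localhost sshd[5604]: Failed password for root from ::1 port 54102 ssh2
Dec 28 08:01:10 localhost sshd[5610]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Dec 28 08:01:12 localhost sshd[5610]: Failed password for invalid user test from 203.0.113.7 port 40022 ssh2
Dec 28 08:01:15 localhost sshd[5612]: Failed password for root from 203.0.113.7 port 40030 ssh2
Dec 28 08:02:00 localhost sshd[5620]: Accepted password for alice from 198.51.100.4 port 50100 ssh2
EOF
}

# Shared filter: sshd "Failed password" lines ending in "from <src> port <n> ssh2".
# Fields are counted from the END of the line because the user name is text
# supplied by the client and may itself contain spaces or a fake "from ..." clause.
MATCH='/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port"'

# Print "<count> <source>" for each source address, busiest first.
failed_by_source() {
  awk "$MATCH"' { n[$(NF-3)]++ } END { for (s in n) print n[s], s }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Print "<count> <valid|invalid> <user>" for each targeted account, busiest first.
# "invalid" means sshd logged "invalid user", i.e. the account does not exist.
failed_by_user() {
  awk "$MATCH"' {
    m = "]: Failed password for "
    u = substr($0, index($0, m) + length(m))     # text after the fixed prefix
    sub(/ from [^ ]+ port [0-9]+ ssh2$/, "", u)  # drop the trusted tail
    kind = sub(/^invalid user /, "", u) ? "invalid" : "valid"
    n[kind " " u]++
  } END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample.
# On a real host (as root): failed_by_source < /var/log/secure
sample_log | failed_by_source
sample_log | failed_by_user
```

Many failures from one source against several "invalid" accounts usually indicates password guessing, while repeated failures for a single valid account from a known address are more often a mistyped password.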

I hope you liked the small article.
