How to find all failed SSH login attempts in NGE Linux ?
Linux keeps tracks of all failed login attempts and this can be viewed by analyzing the /var/log/secure file.
NGELinux, Centos,Redhat:
# egrep "Fail(ed|ure)" /var/log/secure
An example can be seen as follows:
[root@nglinux data]# egrep "Fail(ed|ure)" /var/log/secure Dec 28 08:00:43 localhost sshd[5604]: Failed password for root from ::1 port 54102 ssh2 Dec 28 08:00:46 localhost sshd[5604]: Failed password for root from ::1 port 54102 ssh2 [root@nglinux data]#
And in Ubuntu, we have /var/log/autho.log file instead of secure file.
# egrep "Fail(ed|ure)" /var/log/auth.log
I hope you liked the small article.
Please do subscribe to this blog to stay updated.