Categories
all tutorials

How to view login failures on your Linux server (Sysadmin Tips)

So you’re SSHing to your remote server and you noticed there were thousands of failed attempts to get into your server since your last login. What can you do about it? Well, you can use a SSH key and disable password login. You can also use a different port to make it a bit more difficult for hackers and script-kiddies to find the SSH port.

If you run this command, you can see all the failed attempts on your server including their IP addresses, the username they used, port number and when they tried it.

For CentOS / RHEL servers

grep "Failed password" /var/log/secure

For Ubuntu servers

grep "Failed password" /var/log/auth.log
There you have it.

Thanks to tecmint for sharing this.

Leave a Reply

Your email address will not be published. Required fields are marked *

Blue Captcha Image
Refresh

*