Wednesday, 26 February 2014

How To Monitor Failed SSH Attempts

Disable Password Authentication for better Security

More about SSH can be found here.

You might be astonished how many people try to break into your computer via ssh. It is advisable to use key-based authentication only. Article for key-based authentication.

Enable monitoring

sudo gedit /etc/ssh/sshd_config
--> change LogLevel INFO to LogLevel VERBOSE

SSH login attempts will now be saved in your /var/log/auth.log file.

Accessing the information

sudo cat /var/log/auth.log | grep sshd
sudo cat /var/log/auth.log | grep Fail

sudo cat /var/log/auth.log | grep Invalid

Disabling SSH all-together

sudo mv /etc/init/ssh.conf /etc/init/ssh.conf.disabled

0 comments:

Post a Comment