Check for failed SSHD authentication attempts in openSUSE 10.3

Unlike Debian, which uses the standard /var/log/sshd style logfile, openSUSE uses the newer syslog-ng facility and is generally more annoying when you just want to parse a log file for some useful info.  However, it is not impossible, and it seems many users (including myself) were having a hard time finding where failed sshd login attempts get logged.  Webmin was not of much assistance in this area, nor was Google.  I did, however, eventually manage to find this little nugget by using my grip function (which I posted about earlier) in /var/log:

cat /var/log/warn |grep sshd |grep failure |less

You will probably want to make an alias out of that, like this:

echo "alias sshfail='cat /var/log/warn |grep sshd |grep failure |less'" >> ~/.bashrc

Make sure to re-execute bash to reload your .bashrc and apply the alias.  When you want to see who is trying to brute-force your server, simply type sshfail and it will pop up a list of all the attempts.
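To go one step further than the alias and count the failures per source host, here is a small shell function, added as an example and not part of the original post. It assumes the source host shows up as rhost=<host> or as "from <host>" in the matching lines, and the sample log lines are constructed, so compare them with your own /var/log/warn before relying on the patterns.

```shell
#!/bin/sh
# sshfail_summary [LOGFILE]: count failed sshd logins per source host.
# Uses the same sshd/failure filter as the alias above.
# Assumption: the source is logged as "rhost=<host>" (pam_unix style) or
# "from <host>" (sshd style); lines with neither are counted as "unknown".
sshfail_summary() {
    log="${1:-/var/log/warn}"
    grep 'sshd' "$log" | grep 'failure' | awk '
    {
        host = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^rhost=./)             host = substr($i, 7)
            else if ($i == "from" && i < NF) host = $(i + 1)
        }
        if (host == "") host = "unknown"
        count[host]++
    }
    END { for (h in count) printf "%d %s\n", count[h], h }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation addresses, made-up PIDs), only
# for trying the function out without touching a real log.
sshfail_sample_log() {
    cat <<'EOF'
Jan 12 03:14:01 myhost sshd[4021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Jan 12 03:14:05 myhost sshd[4023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Jan 12 03:14:09 myhost sshd[4025]: error: PAM: Authentication failure for root from 192.0.2.10
Jan 12 04:02:44 myhost sshd[4101]: error: PAM: Authentication failure for admin from 198.51.100.7
Jan 12 04:02:50 myhost sshd[4103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7
Jan 12 05:00:00 myhost sshd[4200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
Jan 12 05:10:00 myhost kernel: disk failure unrelated to ssh
Jan 12 05:11:00 myhost sshd[4300]: Accepted publickey for alice from 203.0.113.5
EOF
}
```

Put both functions in your ~/.bashrc and run sshfail_summary with no argument to read /var/log/warn, or pass another log file as the first argument.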

Remember to always keep your ssh server as secure as possible to prevent attacks.  I have written a whitepaper on this which can be found here and will probably get its own post when time allows.
