How to Find All Failed SSH Login Attempts in Ubuntu

One of an administrator's most common responsibilities is to keep track of successful and failed login attempts, to make sure the system is free of unwanted and unauthorized access. System owners can also examine the logs to determine whether the system has experienced any security issues. Whenever anyone tries to connect to a server via SSH, a log entry is written. It shows the date, timezone, login details, and IP address of the attempt. SSH was developed as a protocol for establishing connections between client and server systems, enabling administrators and users to manage a server or workstation remotely.

Find failed SSH login attempts

Let’s find the failed SSH login attempts on Ubuntu 20.04. After logging in to Ubuntu, make sure an SSH server package is installed on the system. If it is not, install it with the apt command in the shell. First open the terminal console with “Ctrl+Alt+T”, then run the command below.

$ sudo apt install ssh

Press “Y” when asked whether to continue the SSH setup process.

It will be configured in just a few moments, and the finishing lines of the installation appear in the terminal. After the SSH setup, make sure some failed login attempts have been made by restarting your Linux system.

Now that the SSH server has been installed, it’s time to enable it on the system. Use the “systemctl” command in the shell with sudo privileges, adding the keyword “enable” followed by the “ssh” service name as below. Enabling the service sets it to start at boot, and the command output reports the ssh service being synchronized with the system.

$ sudo systemctl enable ssh

Now that the SSH service has been enabled, we must start it before we can use it. Use the same systemctl syntax as before, replacing “enable” with the keyword “start” this time.

$ sudo systemctl start ssh

We can check the status of the SSH service in Ubuntu 20.04 with the command below. The output shows that the SSH service is active and running on the Ubuntu 20.04 workstation.

$ sudo systemctl status ssh

To list all the failed login attempts, we will use two or more commands. The first lists the failed login attempts with a grep command run with “sudo” privileges, giving the search string and the path of the log file.

$ sudo grep "Failed password" /var/log/auth.log

Another way to list the failed SSH login attempts is to read the log with “cat” and pipe it to grep, so that the file path and the keyword swap positions. It outputs one failed attempt.

$ sudo cat /var/log/auth.log | grep "Failed password"

Another way to list the attempts is to pass the “Failed|Failure” pattern to “egrep” (equivalent to grep -E), which matches either keyword:

$ sudo egrep "Failed|Failure" /var/log/auth.log

To make the output more highlighted, first log in as root with a sudo command. Then run the queries above in the root terminal to list the attempts that failed because of a wrong password, along with other failures.

$ sudo su
# cat /var/log/auth.log | grep "Failed password"

# egrep "Failed|Failure" /var/log/auth.log
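The grep listings above show every matching line, but when reviewing a log it is usually more useful to know which source addresses account for the failures. The following is an added example, not part of the original article: it counts failed SSH password attempts per source IP and also handles rsyslog's "message repeated N times" lines. The function names and the sample log lines (which use documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed SSH password attempts per source address.

# Constructed sample lines in the sshd/rsyslog format used by /var/log/auth.log.
sample_auth_log() {
cat <<'EOF'
Mar 10 09:15:02 ubuntu sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar 10 09:15:09 ubuntu sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar 10 09:15:30 ubuntu sshd[1234]: message repeated 2 times: [ Failed password for root from 203.0.113.5 port 51234 ssh2]
Mar 10 09:17:44 ubuntu sshd[1301]: Failed password for invalid user from 10.0.0.1 from 198.51.100.7 port 40022 ssh2
Mar 10 09:18:01 ubuntu sshd[1302]: Accepted password for alice from 192.0.2.10 port 50111 ssh2
Mar 10 09:19:12 ubuntu sudo: pam_unix(sudo:auth): authentication failure; logname=alice uid=1000
EOF
}

# failed_ssh_by_ip [FILE]: print "COUNT IP" per source, highest count first.
failed_ssh_by_ip() {
  awk '
    / sshd\[[0-9]+\]: / && /Failed password for / {
      n = 1
      # rsyslog collapses duplicates into "message repeated N times: [ ... ]"
      if (match($0, /message repeated [0-9]+ times/)) {
        split(substr($0, RSTART, RLENGTH), r, " ")
        n = r[3]
      }
      # The user name is supplied by the client, so locate the address
      # from the end of the line: it is the field just before "port".
      for (i = NF - 1; i > 1; i--)
        if ($i == "port") { count[$(i - 1)] += n; break }
    }
    END { for (ip in count) print count[ip], ip }
  ' "${1:--}" | sort -k1,1nr -k2,2
}

# failed_ssh_over THRESHOLD [FILE]: list sources at or above THRESHOLD failures.
failed_ssh_over() {
  failed_ssh_by_ip "${2:--}" | awk -v t="$1" '$1 >= t { print $2 }'
}
```

With the functions loaded in a root shell, `failed_ssh_by_ip /var/log/auth.log` summarises the real log; without a file argument both functions read standard input.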

Conclusion

In this article, we have shown how to use the apt command to set up SSH on an Ubuntu 20.04 machine. By following this guide, you can find all the unsuccessful SSH login attempts on an Ubuntu 20.04 Linux system. We hope this guide proves useful in your work.
