Today's article has you checking your logs for failed SSH login attempts...

K

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
11,803
Reaction score
10,370
Credits
97,628
I list a couple of ways, as a few distros log this data differently/elsewhere. One or the other should work for everyone, as far as I know.

There's also more than one way to accomplish this sort of stuff, I just go over a couple. Feel free to add your own ways, here or as a comment on the article itself.

Show Failed SSH Login Attempts • Linux Tips

Today's article is pretty straightforward, I'm going to show you how to show failed SSH login attempts. It should be a pretty short article,
linux-tips.us linux-tips.us

I do love me some feedback.
 


The first way worked for me (Debian 11) It doesn't appear to be any failed attempts, have a look:

Code: 
Oct 10 21:02:08 ********** sudo:     *********: TTY=pts/0 ; PWD=/home/********* ; USER=root ; COMMAND=/usr/bin/grep Failed password /var/log/auth.log
 
Looks okay to me. Is it public facing, forwarded through your NAT router? Is it on the standard port, or did you change that?

For my web-facing stuff, I obviously have SSH available. That stuff gets hammered on, even with the port changed to a non-standard port. My stuff at home isn't available on the public 'net. I don't forward those ports - as a general rule.

If I'm away from home for a while (I sometimes spend part of winter elsewhere), I'll enable SSH over the 'net, but I keep it pretty secure, including limiting the IP address to that of a VPN. I should probably write an article about that and Fail2Ban. I'll get to 'em eventually.
 
I haven't done anything intentionally to the network, I only plug a usb router with a sim card in to it and I have access automatically to the internet. That's all I do

How can I stop being public facing?
 
Terminal Velocity said:
How can I stop being public facing?
Click to expand...

Probably just keep doing what you're doing. It's probably not forwarded unless you set it up to do so in the router's configuration section.

You can verify it, if you want. Just try to connect with the public IP address and see if you can connect. If you can connect, it's open to the public. If you can't connect, it's not open to the public.

The default is, every time I've checked - and unless otherwise intentionally configured with things like professional firewalls meant for datacenters, that it's disabled. If you sign up for a VPS, there will likely be a disk image you start with and that will go through hardware that forwards ports by default. Your home router is very different and most likely doesn't forward port 22 unless you told it to.
 
I typed ''whats my IP'' to google and it told me my IP, then I passed it to the address bar of my browser and nothing happened, it doesn't loading.

If that what you meant then I'm not public facing, your articles are always an adventure
 
I'd try it from the terminal. Just change your current SSH command to use your public IP address instead of your local IP address or hostname (if you use that).

But, there's a 99.9% (number made up) chance of it not working through your public IP address. To make it work, you'd have to tell the router to forward the right port to the correct device. As you've not done that, it almost certainly won't work over the public IP address.

Just loading it in the browser would only check to see if you had a web server running on port 80. That's all that would test for.
 
You must log in or register to reply here.

Members online

Total: 1,445 (members: 4, guests: 1,441)

Latest posts

Top