30

Trying to find out why fail2ban is not working.

Where does Ubuntu 14.04 log SSH access attempts?

Maythux
timbram

2 Answers

39

All login attempts are logged to /var/log/auth.log

Search for brute-force SSH logins

Run this command:

grep 'sshd.*Failed' /var/log/auth.log | less

Search for failed connections

Run this command:

grep 'sshd.*Did' /var/log/auth.log | less

UPDATE:

You should try restarting the syslog daemon to see if it starts to log to the correct file.

sudo service rsyslog restart

Once you have messages going to the auth.log it should start working.

Maythux
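
Added example, not part of the answer above: a shell function that combines the two grep searches into per-IP counts of failed passwords and of connections that sent no identification string, which is a quick way to confirm the lines are reaching auth.log. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the sshd format written to /var/log/auth.log.
sample_auth_log() {
cat <<'EOF'
Jan 10 12:00:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 12:00:03 host sshd[1235]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 12:00:05 host sshd[1236]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jan 10 12:00:09 host sshd[1240]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Jan 10 12:01:00 host sshd[1250]: Did not receive identification string from 192.0.2.44
Jan 10 12:02:00 host sshd[1260]: Failed password for bob from 192.0.2.44 port 50000 ssh2
Jan 10 12:03:00 host sudo: pam_unix(sudo:auth): authentication failure; user=alice
EOF
}

# Usage: ssh_failures_by_ip LOGFILE [MIN_FAILED]
# Prints "failed probes ip" per source address, most failed passwords first.
# MIN_FAILED (default 1) hides addresses with fewer failed passwords.
ssh_failures_by_ip() {
    awk -v min="${2:-1}" '
        $0 !~ /sshd\[[0-9]+\]: / { next }            # only sshd messages
        {
            if ($0 ~ /: Failed password for /) kind = "failed"
            else if ($0 ~ /: Did not receive identification string from /) kind = "probe"
            else next
            ip = ""
            # Take the word after the LAST "from", so a user name that is
            # literally "from" cannot be mistaken for the address.
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "") next
            seen[ip] = 1
            n[kind, ip]++
        }
        END {
            for (ip in seen)
                if (n["failed", ip] + 0 >= min)
                    print n["failed", ip] + 0, n["probe", ip] + 0, ip
        }
    ' "$1" | sort -k1,1nr -k3,3
}

# Stand-alone demo on the constructed sample.
demo_log=$(mktemp)
sample_auth_log > "$demo_log"
ssh_failures_by_ip "$demo_log"
rm -f "$demo_log"
```

On a real system, pass /var/log/auth.log as LOGFILE (reading it usually needs sudo or membership in the adm group).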
3

The default log settings for ssh are "INFO".

If you want to have it include login attempts in the log file, you'll need to edit the /etc/ssh/sshd_config file and change the "LogLevel" from INFO to VERBOSE.

After that, restart the sshd daemon with

sudo service ssh restart

After that, the ssh login attempts will be logged into the /var/log/auth.log file.

Videonauth