Keep an eye on your SSH server with this short command.

Oct 11

Setting up and running your own little SSH server is not really hard. Just punch in sudo apt-get install openssh-server on your Ubuntu command line and you’ll have a server that lets you run remote commands, send files over SFTP, or even forward graphical applications with X11 forwarding.


But when you open up a window to the internet, it is a good idea to keep an eye on any nosy people who might come knocking. A good tip is NOT to run your server on the default port (22) but to move it to a random port above 1024, so it won’t be obvious to any script kiddie that you are running an SSH server. But just to be safe, it’s nice to keep an eye out too. Every system access is logged in /var/log/auth.log, but there is a ton of other info in there as well. With this one simple command you can not only pick out the messages that talk about your SSH server, you can also “follow along live”:

sudo tail -F /var/log/auth.log | grep sshd

The output is a cool scrolling log of all the failed and accepted login attempts, the usernames of who is logging in, and when they connect and disconnect. The command is simple, but the output might be just what you need.
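
The function below is an added example, not from the original post: it turns the same sshd lines into a one-shot summary of failed password attempts per source address and successful logins. It assumes the traditional syslog line layout (month, day, time, host, program); sample_log, ssh_summary and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: one-shot summary of sshd entries in an auth.log-style stream.

# Constructed sample lines (documentation IP ranges, made-up host and users).
sample_log() {
cat <<'EOF'
Oct 11 10:15:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 11 10:15:03 host sshd[1235]: Failed password for root from 203.0.113.5 port 51236 ssh2
Oct 11 10:15:09 host sshd[1236]: Failed password for invalid user test from 192.0.2.44 port 40100 ssh2
Oct 11 10:16:00 host sshd[1240]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Oct 11 10:20:00 host sshd[1240]: Received disconnect from 198.51.100.7 port 40022:11: disconnected by user
Oct 11 10:22:10 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
EOF
}

# Reads log lines on stdin and prints, sorted:
#   ACCEPTED <user> <source-ip>    one line per successful login
#   FAILED <count> <source-ip>     failed password attempts per source
ssh_summary() {
  awk '
    # Keep only lines written by sshd itself. A plain "grep sshd" would also
    # match the sudo line above, because its command text mentions sshd.
    $5 !~ /^sshd(\[[0-9]+\])?:$/ { next }
    {
      ip = ""; user = ""
      # The last "from" wins, so a username containing that word
      # cannot displace the real source address.
      for (i = 6; i < NF; i++) {
        if ($i == "from") ip = $(i + 1)
        if ($i == "for")  user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
      }
    }
    $6 == "Failed"   && ip != "" { failed[ip]++ }
    $6 == "Accepted" && ip != "" { print "ACCEPTED", user, ip }
    END { for (ip in failed) print "FAILED", failed[ip], ip }
  ' | LC_ALL=C sort
}

# Demo on the sample; on a real box: sudo cat /var/log/auth.log | ssh_summary
sample_log | ssh_summary
```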
