Bash-enabled linux SSH accounts are one of the sweetest and enticing server aroma for a SSH port attacket to get one from a server being managed by somebody else.

Here’s a quick post on how to list down the SSH user accounts with most failed SSH login attempts.

Get Most Attacked SSH System Accounts

SSH spurs any failed SSH login attempts to /var/log/secure by default. To get all those failed SSH login attempts and list down most attacked SSH accounts with failed password attempts, simply

# cat secure* | grep ‘Failed password’ | awk ‘{print $9}’ | sort -rn | uniq -c

A similar results would be

15 user1
12 user2

11 user3
12 user4

[sniff]

Top 10 SSH Account with Most Failed SSH Login Attempts

To get the top 10 SSH accounts with most failed login and password attempts, simply

# cat secure* | grep ‘Failed password’ | awk ‘{print $9}’ | sort -rn | uniq -c | head -10

The above displays the accounts gathering its most failed SSH login attemps. You could check its IP to check if it also represents the most attach SSH account user.

All is done.

Tags:attachments, attack, attackers, attacks, check, grep, headings, linux, listing, logins, logs, passwords, port, ports, secure, Security, server, servers, ssh, system, systems, uniq

Liked this article? To continue getting our latest free Howtos and Tutorials,
you can also grab the RSS feed or Subscribe to Techgurulive by Email

Not Getting

Related posts

Yahoo to shut down Xoopit for Gmail users

How to verify that Java is running under Linux System