Consulter le journal des connexions SSH
Affichage des connexions acceptées
root@serveurX:~# journalctl -u ssh | grep Accepted
debian sshd[536]: Accepted password for doe from 192.168.56.1 port 50396 ssh2
serveurX sshd[538]: Accepted password for doe from 192.168.56.1 port 50414 ssh2
serveurX sshd[567]: Accepted password for x from 192.168.56.1 port 50590 ssh2
serveurX sshd[594]: Accepted password for x from 192.168.56.123 port 47102 ssh2
serveurX sshd[620]: Accepted password for x from 192.168.56.123 port 34566 ssh2
serveurX sshd[628]: Accepted publickey for x from 192.168.56.123 port 41850 ssh2: RSA SHA256:WW0B+ZL4qWR9acUPtyDLaTmTijgfk9ohX8y0nnYiob8
serveurX sshd[638]: Accepted password for x from 192.168.56.1 port 49792 ssh2
serveurX sshd[656]: Accepted publickey for x from 192.168.56.1 port 49797 ssh2: RSA SHA256:WW0B+ZL4qWR9acUPtyDLaTmTijgfk9ohX8y0nnYiob8
Affichage des connexions refusées
Ci-dessous :
- Les utilisateurs
doeettrucn'existe pas - L'utilisateur
xa saisi un mauvais mot de passe
root@serveurX:~# journalctl -u ssh | grep -E '(Failed|Invalid)'
serveurX sshd[561]: Invalid user doe from 192.168.56.1 port 50643
serveurX sshd[561]: Failed password for invalid user doe from 192.168.56.1 port 50643 ssh2
serveurX sshd[589]: Invalid user doe from 192.168.56.123 port 44782
serveurX sshd[589]: Failed password for invalid user doe from 192.168.56.123 port 44782 ssh2
serveurX sshd[1242]: Invalid user truc from 192.168.56.1 port 49818
serveurX sshd[1242]: Failed password for invalid user truc from 192.168.56.1 port 49818 ssh2
serveurX sshd[1242]: Failed password for x from 192.168.56.201 port 57918 ssh2