Debian: logging of SSH failed login attempts?

ssh kernel linux logging

Solution 1:

You can (by default) check for these failures in /var/log/auth.log

Solution 2:

The first line means that a connection attempt was received from an IP address. The ssh server attemped to reverse-resolve the address and got a hostname (dinamic-tigo186-180-143-166.tigo.com.co), but when it attempted to forward-resolve that hostname to get back to the original IP address, it failed. This isn't fatal, it usually means someone else has screwed up their DNS, but ssh lets you know that that log entry has failed a basic can-I-be-relied-on test.

The second line means someone from the same IP address tried to ssh in as root, and failed.

If you get too many of the second kind of entry and want to make things harder for people, I wrote a piece on techniques for dealing with automated ssh password guessing that may interest you, though it doesn't cover fail2ban and similar technologies (because I don't like them).

Related

Setting "max_allowed_packet" -- commandline vs config?
How to manually extract a backup set made by duplicity?
PostgreSQL High Performance Setup
Connecting to a serial port/COM1 in Windows 7
Low-cost, Flexible Log Aggregation [closed]
How to setup FTP on Linode?
Is there any reason to play Halcyon 6: Starbase Commander over the Lightspeed Edition?
Most optimum way to use ice on long corridors?
My Resolution won't change, despite being different in the Launcher
OptiFine mod installed and launching correctly but not changing any textures
Can you have pets on the Sims 3, without having the Sims 3 pet disc?
Does the frozen biome itself provide cooling?