Blocking IP addresses from failed SSH attempts in Linux Operating System

Updated on: Oct 5, 2021

In this article, we will learn how to find failed SSH login attempts and block the IP addresses they come from. To find the failed attempts, we will use the grep and cat commands. Login attempts to the SSH server are recorded by the rsyslog daemon in /var/log/auth.log.


Besides having a Terminal open, we need to remember a few concepts:

  • Basic knowledge of the grep and cat commands
  • Ensure that grep is installed

How to do it

We will find the failed SSH login attempts using the grep and cat commands. First, become the root user by typing the sudo su command. Next, run the following command to fetch the failed attempts using grep:

# grep "Failed password" /var/log/auth.log

You can also do this using the cat command. Run the following command:

# cat /var/log/auth.log | grep "Failed password"

You can block a particular IP address that has failed SSH login attempts using TCP wrappers. Navigate to the /etc directory. Look for the hosts.deny file, add the following line in the file, and save the file:


How it works

In this recipe, we used the cat and grep commands. The most common use of the cat command is to display the contents of a file. grep is a Linux utility that searches a file for a particular pattern and displays the lines that contain it.

In the previous examples, we were searching for failed login attempts. grep matches the "Failed password" keyword in the log and prints the matching lines; in the second form, cat outputs the file and the pipe passes it to grep.

To block an IP address, we just added a single line into the hosts.deny file, which will block that particular IP address.
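The two steps above combined into one script, as an added example that is not part of the original article: it counts "Failed password" lines per source address and prints hosts.deny entries in the TCP wrappers form `sshd: ADDRESS`. The sample log lines, the function names and the threshold of 3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn "Failed password" lines into candidate hosts.deny entries.
# The log lines below are constructed samples using documentation address ranges.

sample_log() {
cat <<'EOF'
Oct  5 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Oct  5 10:01:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Oct  5 10:01:09 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Oct  5 10:02:11 host sshd[1210]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Oct  5 10:02:30 host sshd[1210]: Accepted password for alice from 198.51.100.23 port 40022 ssh2
Oct  5 10:03:00 host sshd[1215]: Failed password for invalid user from from 192.0.2.9 port 40100 ssh2
EOF
}

# failed_counts LOGFILE: print "count address" per source, busiest first.
# The user name is text supplied by the client, so the address is read from the
# fixed tail of the line ("from ADDR port N ssh2") rather than by field position
# from the start. Only well-formed IPv4 addresses are counted.
failed_counts() {
    grep "Failed password" "$1" |
        awk 'NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port" &&
             $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
             END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

# deny_entries LOGFILE MIN: print a hosts.deny line for each address with at
# least MIN failures. MIN is an assumed threshold; one typo by a real user
# should not get their address blocked.
deny_entries() {
    failed_counts "$1" |
        awk -v min="$2" '$1 + 0 >= min + 0 { print "sshd: " $2 }'
}

log=$(mktemp)
sample_log > "$log"
failed_counts "$log"       # review the counts first
deny_entries "$log" 3      # lines to append to /etc/hosts.deny after review
rm -f "$log"
```

On a real system, pass /var/log/auth.log instead of the sample file. The hosts.deny file only takes effect when the installed sshd was built with TCP wrappers (libwrap) support.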
