Blocking IP addresses from failed SSH attempts in Linux Operating System

March 7, 2021


In this article, we will learn about finding the failed SSH attempts and blocking those IP addresses. To find failed attempts, we will use grep as well as cat commands. The login attempts to the SSH Server are tracked and recorded into the rsyslog daemon.


Besides having a Terminal open, we need to remember a few concepts:

  • Basic knowledge of the grep and cat commands
  • Ensure that grep is installed

How to do it

We will find the failed SSH login attempts using the grep and cat commands. First, be a root user. Type the sudo su command. Next, run the following command to fetch the failed attempts using the grep command:

# grep "Failed password" /var/log/auth.log

You can do this using the cat command also. Run the following command:

# cat /var/log/auth.log | grep "Failed password"

You can block the particular IP address that has failed SSH login attempt using tcp-wrapper. Navigate to the /etc directory. Look for the hosts.deny file, add the following line in the file, and save the file:


How it works

In this, we used the cat and grep commands. The most common use of the cat command is to display the contents of a file, and grep is a Linux utility used for searching a file for a particular pattern; then, it will display the lines that will have the particular pattern.

In the previous examples, we were searching for a failed login attempt. We are matching such key words using the grep command and then we are displaying it using the cat command.

To block an IP address, we just added a single line into the hosts.deny file, which will block that particular IP address.

Satish Kumar

Satish Kumar

I am Satish Kumar, Founder of LinuxConcept. Linux and F.O.S.S enthusiast, love to work on open source platform and technologies.

Related Posts

Encrypting/decrypting files from a script in Linux

In this article, we are going to learn about OpenSSL. In this section, we are going encrypt and decrypt messages and files using OpenSSL.Prerequisites Besides having a terminal open, you need to have a basic knowledge of encoding and decoding schemes....

Finding binary dependencies in Linux Operating System

In this article, we are going to check the executable. We will find out which string is present in it by using the string command.PrerequisitesBesides having a terminal open, make sure you have a binary present in your directory.Find dependencies First, we...



Submit a Comment

Your email address will not be published. Required fields are marked *

10 − 4 =

News & Updates

Join Our Newsletter