Besides having a Terminal open, we need to remember a few concepts:
- Basic knowledge of the
- Ensure that
How to do it
We will find the failed SSH login attempts using the
cat commands. First, be a root user. Type the
sudo su command. Next, run the following command to fetch the failed attempts using the
# grep "Failed password" /var/log/auth.log
You can do this using the
cat command also. Run the following command:
# cat /var/log/auth.log | grep "Failed password"
You can block the particular IP address that has failed SSH login attempt using tcp-wrapper. Navigate to the
/etc directory. Look for the
hosts.deny file, add the following line in the file, and save the file:
How it works
In this, we used the
grep commands. The most common use of the
cat command is to display the contents of a file, and
grep is a Linux utility used for searching a file for a particular pattern; then, it will display the lines that will have the particular pattern.
In the previous examples, we were searching for a failed login attempt. We are matching such key words using the
grep command and then we are displaying it using the
To block an IP address, we just added a single line into the
hosts.deny file, which will block that particular IP address.