Monday, April 4, 2016
Open an ssh port to the internet and in a short time you will see all kinds of login attempts. There will be repeated attempts to access your system using usernames such as "admin" and "root" and others that are presumably left unguarded on systems somewhere. There are all kinds of simple steps to take to ensure that these attempts are not successful and that they don't overwhelm your system (such as using fail2ban). The log files auth.log and syslog (found in /var/log) will be full of attempts, but how do you look to see if anyone has successfully logged in?