Log file for ssh attempts?

3

3

I have an old Macbook running Yosemite which I've connected to the internet via my college network. I foolishly enabled ssh access while my computer had a weak password, and now I want to check my computer's log file to see if anyone malicious has attempted to log into my computer (and potentially brute-force my password.)

Which log file should I look at?

*Side note - how long should I make my password be so that I can feel safe against brute-force attacks via ssh?

mchen.ja

Posted 2014-11-10T21:28:27.367

Reputation: 312

You should not use passwords. Use SSH keys instead. – Ahmet Alp Balkan – 2016-12-16T20:28:45.137

Answers

10

SSH login attempts are logged in /var/log/system.log. Grep for sshd in that file and you'll get the logins.

Here's an example of a failed login followed by a succesful login:

% grep sshd /var/log/system.log
Nov 10 22:30:22 Lanfear.local sshd[98443]: error: PAM: authentication error for teun from localhost via 127.0.0.1
Nov 10 22:30:36 Lanfear.local sshd[98443]: Accepted keyboard-interactive/pam for teun from 127.0.0.1 port 51239 ssh2
Nov 10 22:30:36 Lanfear.local sshd: teun [priv][98443]: USER_PROCESS: 98453 ttys004

If you're worried about brute force attempts on your password the best thing to do is disable password authentication and only use key based authentication. You can disable password based authentication by editing /etc/sshd_config change ChallengeResponseAuthentication yes to ChallengeResponseAuthentication no. Make sure your SSH keys are working before you do this or you won't be able to login remotely.

There's no fixed rule on when a password is weak or strong, but in general when using passwords I'd use a passphrase consisting of multiple words and some numbers and/or puntuation.

Teun Vink

Posted 2014-11-10T21:28:27.367

Reputation: 2 107

2In El Capitan it has moved to /etc/ssh/sshd_config. – Graham Perks – 2016-07-08T03:54:47.000

Note: "/etc/ssh/sshd_config" VS "/etc/ssh_config" disable password settings must be set in sshd_config, this handles the requested connections into the ssh server. ssh_config is more of a ssh client side preference file, similar to .vimrc or git_config files. – Timothy L.J. Stewart – 2018-07-29T21:29:03.403

Asked: 2014-11-10T21:28:27.367

Viewed: 12 299 times

Active: 2014-11-11T18:11:54.983