Appendix |
Aspera recommends that you review your SSH log periodically for signs of a potential attack. Locate and open your syslog, for example, /var/log/auth.log or /var/log/secure. Depending on your system configuration, syslog's path and file name may vary.
Look for invalid users in the log, especially a series of login attempts with common user names from the same address, usually in alphabetical order. For example:
... Mar 10 18:48:02 sku sshd[1496]: Failed password for invalid user alex from 1.2.3.4 port 1585 ssh2 ... Mar 14 23:25:52 sku sshd[1496]: Failed password for invalid user alice from 1.2.3.4 port 1585 ssh2 ...
If you have identified attacks: