Checking for SSH Issues

Aspera recommends that you review your SSH log periodically for signs of a potential attack. Locate and open your syslog, for example, /var/log/auth.log or /var/log/secure. Depending on your system configuration, syslog's path and file name may vary.

Look for invalid users in the log, especially a series of login attempts with common user names from the same address, usually in alphabetical order. For example:

...
Mar 10 18:48:02 sku sshd[1496]: Failed password for invalid user alex from  1.2.3.4 port 1585 ssh2
...
Mar 14 23:25:52 sku sshd[1496]: Failed password for invalid user alice from  1.2.3.4 port 1585 ssh2
...

If you have identified attacks: