Under CentOS 8 I'm trying to find SSH failed login attempts.
Lastb returns:
# lastb
btmp begins Thu Jul 9 10:53:49 2020
Aureport returns some records (one examples is):
# aureport -au -i --failed
Authentication Report
============================================
# date time acct host term exe success event
============================================
1. 06/25/2020 13:46:36 root 10.10.0.2 ssh /usr/sbin/sshd no 66
When i try to login with bad credentials aureport or lastb do not show new record. Where can i found failed SSH logins ?
Best Answer
As sshd service managed by systemd, you should look into journal. For example: