Ssh – view successful logon attempts for SSHD

loggingssh

I'm familiar with using log show | grep 'sshd: error: PAM: authentication error for $user from $ip_address' to look through failed logon attempts from various IP addresses.

Is there an equivalent log that gets written whenever a successful SSH connection gets established and authenticated (ideally it would contain information about the client IP address).

I've looked throughout my log files and there does not seem to be logs that record successful logins.

Best Answer

The successful SSH logins are logged in e.g. /var/log/auth.log with:

sshd[20007]: Accepted password for username from 192.0.2.123 port 60979 ssh2
sshd[20007]: pam_unix(sshd:session): session opened for user username by (uid=0)
systemd-logind[613]: New session 12345 of user username.

Or, in case of publickey authentication:

sshd[20008]: Accepted publickey for username from 192.0.2.123 port 50460 ssh2

Best Answer

Related Solutions

Windows – How to tell Git for Windows where to find the private RSA key

For Git Bash

For TortoiseGit

SSH / SSHD – How to set max login attempts

Related Topic