Hey I’m a noob and have a really small problem.
Where are the ssh logs located?
As far as I know, you could see who has accessed the Pi from
/var/log/auth.log
That file doesn’t exist in my Pi. Where can I access this info?
Hey I’m a noob and have a really small problem.
Where are the ssh logs located?
As far as I know, you could see who has accessed the Pi from
/var/log/auth.log
That file doesn’t exist in my Pi. Where can I access this info?
Hi,
many thanks for your message. If you default SSH server Dropbear, login attemps are visible within journalctl -u dropbear.service
root@DietPi3:~# journalctl -u dropbear.service
-- Logs begin at Thu 2019-02-14 11:11:58 CET, end at Tue 2020-10-27 16:03:49 CET. --
Oct 27 15:54:56 DietPi3 systemd[1]: Starting LSB: Lightweight SSH server...
Oct 27 15:54:56 DietPi3 dropbear[400]: Starting Dropbear SSH server: dropbear.
Oct 27 15:54:56 DietPi3 dropbear[405]: Running in background
Oct 27 15:54:56 DietPi3 systemd[1]: Started LSB: Lightweight SSH server.
Oct 27 15:58:43 DietPi3 dropbear[437]: Child connection from 192.168.x.x:52454
Oct 27 15:58:47 DietPi3 dropbear[437]: Password auth succeeded for 'root' from 192.168.x.x:52454
Oct 27 16:03:40 DietPi3 dropbear[573]: Child connection from 192.168.x.x:52674
Oct 27 16:03:49 DietPi3 dropbear[573]: Password auth succeeded for 'dietpi' from 192.168.x.x:52674
Thanks for help, unfortunately I’m currently using OpenSSH and there doesn’t seem to be an openssh.service like dropbear.
just use journalctl -u ssh.service
Oh… that works. Thank you!
Hello, how fail2ban can have access to this file : journalctl -u ssh.service
?
Thanks
usually fail2ban should/will read directly from systemd log.
Exactly, it uses the systemd backend to read from journal when installed via dietpi-software, so no plain text log files are required. Check /etc/fail2ban/jail.conf.