On the Internet, there are always boring people who constantly guess the passwords of others' servers every day! As the administrator of a linux server, we should know which IP addresses are constantly scanning our SSH ports to try brute force cracking. Next we will use a command to list which IP addresses are cracking your SSH password and the number of times.
Cat/var/log/secure | awk '/Failed/{print $(NF-3 )} '| sort | uniq-c | awk' {print $2 "=" $1 ;}'
The above picture shows the IP address used to scan the SSH password on this site and the number of scans!
We recommend that you modify the remote connection port of the server to prevent the security of the server from being affected by the scan of your password! If conditions are met, only a fixed IP address can be allowed to connect to the SSH remote connection port, which is much safer. You can also write a script to add the IP address to the hosts. deny file when the number of consecutive scans reaches the specified value, and enable Filtering for sshd in hosts. allow, for example:
Sshd:/etc/hosts. deny: deny sshd: ALL: allow
In this case, after too many wrong password input times, the server is automatically blocked from the outside for security configuration.