[olug] Email a report on SSH

David Cannon medaveduh at gmail.com
Fri Apr 20 16:14:06 UTC 2012

I have set up an SSH tunnel into an Ubuntu 10.10 machine.  I disabled
passwords and only use a private key.  I have been using it to proxy my web
traffic securely when I travel.  Sometimes you just cant trust any old
WIFI.    Recently my log files have been a little large.  the
/var/log/auth.log file is showing multiple attempts to login.  I have
turned the logging to verbose so I can see what is going on but I am not
home all of the time.  This brings me to the issue.

I have two questions.

1.  I was looking into port security and came across "Knocking".  Has
anyone used "Knocking" to open a port?

2.  Anyone know a good place to get information on the setting it up to
email me when someone tries to log in? I want to know the originating IP
address and the password they used.  Passwords will all fail but I would
like to know if someone is foolishly trying to brute force it and where
they are coming from.  I would like an email sent to me each time it
happens.  I did find a couple sites detailing a way to email when someone
logs in, but I am more interested in finding out when someone fails.

Any info you could pass on would be great.

More information about the OLUG mailing list