Login Attempts: Is this usual?

December 10, 2013 12.5k views
When I ssh into my droplet, it reads out: There were 670 failed login attempts since the last successful login. Is this usual? Am I supposed to be concerned?
1 comment
  • Bump. After logging out and in again, I’m seeing 9 failed attempts. Is someone trying to get in?

4 Answers
Change the SSH port, try fail2ban:
by Etel Sverdlov
fail2ban provides a way to automatically protect virtual servers from malicious behavior. This tutorial shows you how to install Fail2Ban, copy the Configuration File, configure the fail2ban defaults, and find out how to configure the ssh defaults. This tutorial describes the required steps to set up fail2ban on Ubuntu.
I recommend installing fail2ban (see joshuataylorx's link above) and using SSH keys while disabling password authentication: https://www.digitalocean.com/community/articles/how-to-set-up-ssh-keys--2
by Etel Sverdlov
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.
"Is this usual?"

Unfortunately, yes (simply Wikipedia DDoS attacks and Brute Force Attacks).

"Am I supposed to be concerned?

If you care about the data on your cloud server... yes.

Ditto on using SSH keys and disabling password logins. If connecting from a Windows machine, check out How To Create SSH Keys with PuTTY to Connect to a VPS.

A firewall will also come in handy: How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.
by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
Q:\ Is this usual?
A:\ It is usual and common on servers facing the internet. These internet facing servers are being scanned for open ports by malicious users everyday all day.

Q:\ Am I supposed to be concerned?
A:\ Yes, you should be concerned as your server might get compromised.

Tip: You can check the Failed login attempts with:
sudo cat /var/log/secure | grep Failed

Have another answer? Share your knowledge.