I have an old Macbook running Yosemite which I've connected to the internet via my college network.
I foolishly enabled ssh access while my computer had a weak password, and now I want to check my computer's log file to see if anyone malicious has attempted to log into my computer (and potentially brute-force my password.)
Which log file should I look at?
*Side note – how long should I make my password be so that I can feel safe against brute-force attacks via ssh?
Best Answer
SSH login attempts are logged in
/var/log/system.log
. Grep forsshd
in that file and you'll get the logins.Here's an example of a failed login followed by a succesful login:
If you're worried about brute force attempts on your password the best thing to do is disable password authentication and only use key based authentication. You can disable password based authentication by editing
/etc/sshd_config
changeChallengeResponseAuthentication yes
toChallengeResponseAuthentication no
. Make sure your SSH keys are working before you do this or you won't be able to login remotely.There's no fixed rule on when a password is weak or strong, but in general when using passwords I'd use a passphrase consisting of multiple words and some numbers and/or puntuation.