On 1/18/26 15:04, Avon Robertson wrote:
On Sun, Jan 18, 2026 at 03:10:49PM -0000, Stuart Henderson wrote:
On 2026-01-18, Avon Robertson <[email protected]> wrote:
> Initially, I will use your code to check for attempted logins on my
> home router.
is authlog not enough for that?
--
Please keep replies on the mailing list.
Hello Stuart.
Thank you for your reply. authlog is certainly helpful.
As my router potentially provides an entry point to many machines,
I don't want to become complacent w.r.t. it's security.
IF you have the system exposed to the outside world, you will see thousands
of failed login attempts per day. That's just normal on the Internet.
It would probably be much more useful to list all SUCCESSFUL logins and
make sure they can be explained. Otherwise, you are going to be looking
for very tiny needles in a really big haystack. And there's not a whole
lot you can do about the Internet trying to log into your networks.
Simple fact of life. Much better to make sure all the needles are
yours, and ignore the hay.
Make sure you have only key logins accepted. That way, unless your private
key escapes, you won't have a lot to worry about. And...do you really need
to permit external logins? yes, often that is needed, I get it.
(some will advocate moving SSH to a different port. That is NOT a security
improvement...but it can significantly reduce the size of your logs, which
may be a good thing. Personally, the failed login attempts are a great
reminder to keep one's guard up: yes, they really are out to get you. :) )
Nick.
