A mention in a podcast and a few comments at work got me interested, just how many ssh login attempts is every single PC, webcam, smartdevice, being subjected to?

A quick check of the fail2ban(1) logs on my home PC and I found that for yesterday alone there are 266 failed login attempts from all over the world. Poking around with a little awk(1) and some shell and I find:

  • 226 attempts of an ssh login from an IP address
  • 145 unique IP addresses tried to login
  • 91 unique names were used in the login attempts

Most of the addresses only tried to login one or a few times, the standout was the 121 addresses that tried a single ssh login and gave up, and the one address that tried 60 times:

Tries IPs
1 121
2 6
3 7
4 3
5 3
6 3
7 1
60 1

Looking at the names:

  • 84 names with one attempt each, none of them rude words and surprisingly, ubuntu wasn’t among them
  • Three names; ftpuser, lili and test all had two attempts each
  • support had three attempts
  • pi had four attempts
  • admin has 55 attempts
  • root had 114 attempts

I used to have a honeypot version of sshd(8) that logged the passwords that people tried, but it succumbed to bitrot, perhaps I should try to resurrect it