this is always fun:
root@ns003:/etc/ssh# grep Failed.password /var/log/auth.log | cut -d' ' -f7-11 | sort | uniq -c
6 Failed password for games from
324 Failed password for invalid user
6 Failed password for nobody from
9937 Failed password for root from
12 Failed password for www-data from
root@ns003:/etc/ssh# grep Failed.password.for.invalid.user /var/log/auth.log | cut -d' ' -f7-12 | sort | uniq -c
3 Failed password for invalid user 0
3 Failed password for invalid user 0000
3 Failed password for invalid user 010101
3 Failed password for invalid user 1111
3 Failed password for invalid user 1234
141 Failed password for invalid user admin
6 Failed password for invalid user admin1
3 Failed password for invalid user api
12 Failed password for invalid user centos
3 Failed password for invalid user dbadmin
6 Failed password for invalid user default
18 Failed password for invalid user ftp
3 Failed password for invalid user ftpuser
3 Failed password for invalid user git
3 Failed password for invalid user gpadmin
10 Failed password for invalid user guest
6 Failed password for invalid user ingres
6 Failed password for invalid user jim
2 Failed password for invalid user monitor
4 Failed password for invalid user mysql
2 Failed password for invalid user operator
2 Failed password for invalid user osmc
2 Failed password for invalid user pi
6 Failed password for invalid user postgres
2 Failed password for invalid user service
2 Failed password for invalid user support
2 Failed password for invalid user sysadmin
2 Failed password for invalid user telecomadmin
2 Failed password for invalid user telnet
26 Failed password for invalid user test
6 Failed password for invalid user testuser
9 Failed password for invalid user ubnt
12 Failed password for invalid user user
2 Failed password for invalid user user1
6 Failed password for invalid user webftp
of course I have PermitRootLogin without-password in /etc/ssh/sshd_config.
last updated 2017-05-15 22:57:24. served from tektonic.jcomeau.com