Linux

How to find out where ssh logins are coming from

Using this little script you can find out the origin of the logins to your server:

CentOs:

cat /var/log/secure* | grep Accepted | awk '{print $11}' | xargs -n 1 host | awk '{print $5}'

Debian/Ubuntu:

cat /var/log/auth.log* | grep Accepted | awk '{print $11}' | xargs -n 1 host | awk '{print $5}'

If you want you can use geoiplocate:

cat /var/log/auth.log* | grep Accepted | awk '{print $11}' | xargs -n 1 geoiplookup

do an apt-get install geoiplookup first