Run journalctl -u ssh.
journalctl -u ssh
Search training SSH activity for accepted and denied attempts.
Security administrationjournalctlgrep
Click any instruction for the command details, the why, and the common mistake to avoid.
Run journalctl -u ssh.
journalctl -u ssh
Run grep denied /var/log/auth.log.
grep denied /var/log/auth.log
Run grep accepted /var/log/auth.log.
grep accepted /var/log/auth.log
Create a free account to sync completed lessons, XP, streaks, course status, and your next lesson across sessions.
Checking account status...
Progress sync is idle.
Progress sync stores completion IDs, scores, streaks, badges, and game settings. Terminal contents, editor snippets, lab scratch, email, and real names are never published on leaderboards or share cards.
Find successful and denied SSH events.
Use journalctl -u ssh and grep accepted or denied.
Security review starts with knowing who got in and who failed.
grep [-i] <text> <file>
Find literal text inside a file.
journalctl -u <service>
Read simulated service journal entries.