Monitor SSH login attempts on your server - see who's trying to break in
Project description
auth-watcher ๐
Monitor SSH login attempts on your server. See who's trying to break in.
Inspired by Knock-Knock.net - a visualization of server attacks that went viral on Hacker News.
Installation
pip install auth-watcher
Usage
# Show summary of all login attempts
auth-watcher --summary
# Real-time monitoring (like tail -f)
auth-watcher
# Show top 20 attackers
auth-watcher --top 20
# JSON output for scripts
auth-watcher --json
Example Output
============================================================
๐ AUTH-WATCHER ๅฎๅ
จๆฅๅ
============================================================
๐ ๆป่ฎก:
โ ๅคฑ่ดฅ็ปๅฝ: 8,523
โ
ๆๅ็ปๅฝ: 42
๐ฏ Top 10 ๆปๅป่
IP:
154.193.217.4 2048 ๆฌก โโโโโโโโโโโโโโโโ (Los Angeles, US)
103.145.88.12 1256 ๆฌก โโโโโโโโโโ (Shanghai, CN)
45.33.32.156 892 ๆฌก โโโโโโโโ (Singapore, SG)
๐ค Top 10 ่ขซๅฐ่ฏ็็จๆทๅ:
root 3258 ๆฌก โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
admin 688 ๆฌก โโโโโโ
ubuntu 456 ๆฌก โโโโ
test 234 ๆฌก โโ
Features
- ๐ Summary stats - Total failed/successful logins
- ๐ฏ Top attackers - IPs with most failed attempts + geolocation
- ๐ค Username analysis - Most targeted usernames
- ๐ Real-time watch - Live monitoring with colored output
- ๐ JSON export - For scripts and automation
Requirements
- Linux server with SSH
- Python 3.8+
- Root access (to read
/var/log/auth.log)
Supported Systems
- Ubuntu / Debian (
/var/log/auth.log) - RHEL / CentOS (
/var/log/secure) - Other Linux distros (use
--logto specify path)
Security Tips
If you're seeing thousands of failed logins (you probably are):
- โ Disable password auth - Use SSH keys only
- โ Use fail2ban - Auto-ban repeat offenders
- โ Change SSH port - Move away from 22
- โ Use a firewall - Restrict access by IP
License
MIT - Built by IndieKit
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file auth_watcher-0.1.0.tar.gz.
File metadata
- Download URL: auth_watcher-0.1.0.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f7c957e35e91d4c105025665269f1b0acfc201ea6394732f37d6359ff63a28ea
|
|
| MD5 |
b6683ba3eea33f6be58a63a5862e7074
|
|
| BLAKE2b-256 |
c9d1d66b3177b836176f4660b790662caaab477ffb5267eb62112b0e8e94b5f3
|
File details
Details for the file auth_watcher-0.1.0-py3-none-any.whl.
File metadata
- Download URL: auth_watcher-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4294a0a06b3975858c5751a8050de17fd8cfa3065261a581fe6791809c2c720d
|
|
| MD5 |
d0407e6b76b2250fbeb308e753dda9a6
|
|
| BLAKE2b-256 |
ae4fd20140bb237c6e874b1bf2f9af5ab89560a21c46672f435138cb7e3b2bc5
|
