How to check the sshd Logs on Linux?

sshd stands for Secure SHell Daemon. It is a background process that listens for incoming SSH connections and handles their authentication and login attempts. This process starts as soon as you boot your Linux operating system, and it is responsible for enabling secure communication between two entities over an insecure communication channel by establishing a connection between them.

The log file of this daemon is especially helpful if you are trying to identify unauthorized login attempts to your system. To do that, you will have to check the sshd logs on Linux. Therefore, in this article, we will explore two different methods of checking the sshd logs on the Linux operating system.

Note: The following two methods have been demonstrated on Ubuntu 20.04.

Methods of checking the sshd Logs on Linux:

To check the sshd logs on Ubuntu 20.04, you can use either of the following two methods:

Method # 1: Using the “lastlog” command:

This method is useful when you only intend to view the login logs through sshd. This can be done by following the steps described below:

First, launch the terminal, since the “lastlog” command is run there.

Now run the “lastlog” command in the terminal in the following manner:

lastlog

The output of this command will display the login-related logs on your terminal, with one line per user account showing that account's most recent login.

Method # 2: Viewing the Contents of the “auth.log” File:

This method should be used when you do not want to restrict the sshd logs to the login attempts; rather, you want to check all the sshd logs. You have to follow the steps mentioned below to make use of this method:

We need to access the /var/log/auth.log file for checking all the sshd logs on Ubuntu 20.04. This file can be accessed with the help of the “cat” command in the following manner:

cat /var/log/auth.log

However, if you are not logged in to the root user account, running this command will produce a permission error on your Ubuntu 20.04 terminal.

To avoid this error, you can either run the command while you are logged in to the root user account, or prefix it with the “sudo” keyword to obtain root user privileges, as shown below:

sudo cat /var/log/auth.log

After accessing the auth.log file with root user privileges, you will be able to see the contents of this file, i.e., all the sshd logs, on your Ubuntu 20.04 terminal.
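The auth.log file also carries entries from other programs such as sudo, so reading it top to bottom is a slow way to find unauthorized login attempts. The script below is an added example, not part of the original article: it keeps only the sshd lines and summarises failed password attempts per source address and successful logins per user. The function names and the sample log lines are constructed for illustration, and it assumes the “Failed password … from <ip> port <n> ssh2” and “Accepted <method> for <user> from <ip>” message layouts written by OpenSSH.

```shell
#!/bin/sh
# Added example: summarise sshd events from auth.log-style input on stdin.

# Constructed sample lines in the auth.log layout (not real log data).
sample_auth_log() {
cat <<'EOF'
Mar 10 09:15:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 09:15:04 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 10 09:15:09 web01 sshd[1241]: Failed password for invalid user from 10.0.0.1 from 203.0.113.5 port 51250 ssh2
Mar 10 09:16:10 web01 sshd[1250]: Accepted password for karim from 192.0.2.10 port 40022 ssh2
Mar 10 09:17:00 web01 sshd[1260]: Failed password for invalid user test from 198.51.100.7 port 33333 ssh2
Mar 10 09:17:02 web01 sudo:    karim : TTY=pts/0 ; PWD=/home/karim ; USER=root ; COMMAND=/usr/bin/cat /var/log/auth.log
Mar 10 09:18:30 web01 sshd[1302]: Accepted publickey for karim from 192.0.2.10 port 40100 ssh2: ED25519 SHA256:CONSTRUCTED
EOF
}

# Print "<count> <source-ip>" for failed password attempts, busiest first.
# The user name is supplied by the client and may contain spaces or the word
# "from" (third sample line), so the address is located from the END of the
# line, where the layout is fixed: "... from <ip> port <n> ssh2".
sshd_failed_by_ip() {
  awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
    $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Print "<user> <source-ip> <method>" for every successful login. Accepted
# logins belong to existing accounts, so the fields sit at fixed positions.
sshd_accepted() {
  awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $10 == "from" {
         print $9, $11, $7 }'
}

# Demo on the sample; on a real host: sudo cat /var/log/auth.log | sshd_failed_by_ip
sample_auth_log | sshd_failed_by_ip
sample_auth_log | sshd_accepted
```

A source address with many failures followed by an accepted login from the same address is the pattern worth investigating first.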


In this article, we talked about the two methods of checking sshd logs on Linux. Both of these methods are very effective means of keeping an eye on all sorts of intrusion activities. Moreover, you can also figure out your latest connection attempts by making use of these methods. The auth.log file is updated every time you attempt to make a new connection, share a file, or try to authenticate yourself.

About the author

Karim Buzdar