Linux Survival Basics

Read-only, sensitive output

Find SSH Too Many Authentication Failures Lines

You need SSH log lines naming too many authentication failures.

Command

grep -i 'Too many authentication failures' /var/log/auth.log /var/log/secure 2>/dev/null | tail -20

Before you run this

System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.

When not to use it: Do not share auth logs without redacting users, IPs, hostnames, and keys.

Expected output

Recent matching auth log lines with user, source address, and failure text.

System impact

Read-only, sensitive output. Nothing changes. The command reads current state and prints diagnostic evidence.

May require elevated permissions on protected paths or service-owned files.

Recovery / rollback: no state is changed.

When to use it

Use when an SSH login fails before the client has tried the expected key.

When not to use it

Do not share auth logs without redacting users, IPs, hostnames, and keys.
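
One way to do that redaction, as an added example that is not part of the original page: the function keeps only the matching lines and replaces hostnames, users and source addresses with stable pseudonyms, so a shared excerpt still shows which failures come from the same source. It assumes traditional syslog lines (hostname in field 4) and OpenSSH's usual wording for this message; the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page.
# Assumes traditional syslog lines: "Mon DD HH:MM:SS host sshd[pid]: message".

# Read auth log text on stdin; print only the matching lines, with hostnames,
# users and source addresses replaced by stable pseudonyms and ports masked.
redact_auth_lines() {
    awk '
    # Map each distinct value to a stable label such as USER1 or IP2, so the
    # redacted excerpt still shows which failures share a user or a source.
    function pseudonym(kind, value,    key) {
        key = kind SUBSEP value
        if (!(key in seen)) seen[key] = kind (++count[kind])
        return seen[key]
    }
    tolower($0) ~ /too many authentication failures/ {
        $4 = pseudonym("HOST", $4)               # field 4: logging hostname
        for (i = 6; i <= NF; i++) {
            if (i < NF && ($i == "user" || ($i == "for" && $(i+1) != "invalid"))) {
                i++; $i = pseudonym("USER", $i)  # token after "user" or "for"
            } else if ($i == "port" && i > 6 && i < NF) {
                $(i-1) = pseudonym("IP", $(i-1)) # address precedes "port"
                sub(/^[0-9]+/, "N", $(i+1))      # mask the source port
            }
        }
        print
    }'
}

# Constructed sample lines (documentation addresses, made-up names).
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:15:02 web01 sshd[2213]: Disconnecting authenticating user alice 203.0.113.7 port 52144: Too many authentication failures [preauth]
Mar  3 10:15:09 web01 sshd[2219]: Accepted publickey for carol from 192.0.2.10 port 50022 ssh2
Mar  3 10:16:40 web01 sshd[2240]: Disconnecting invalid user admin 198.51.100.9 port 40022: Too many authentication failures [preauth]
Mar  3 10:17:11 web01 sshd[2251]: Disconnecting authenticating user alice 203.0.113.7 port 52190: Too many authentication failures [preauth]
Mar  3 10:18:00 web01 sshd[2260]: Disconnecting: Too many authentication failures for bob [preauth]
EOF
}

# On a real host, feed it the command from this page; -h drops the file-name
# prefix that grep adds when given two files:
#   grep -hi 'Too many authentication failures' /var/log/auth.log /var/log/secure 2>/dev/null | tail -20 | redact_auth_lines
sample_auth_log | redact_auth_lines
```

Read the redacted output once before sharing it: lines in a different log format (for example ISO 8601 timestamps) put the hostname in another field and need the field number adjusted.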

Example run

Commands shown

These are the commands shown for inspection. Treat them as an example, not proof that your system will behave identically.

  1. grep -i 'Too many authentication failures' /var/log/auth.log /var/log/secure 2>/dev/null | tail -20

next steps

Related commands

Linux Survival Basics

Can be slow

Find Errors Before Reading Every Log Line

The error was in the log. The problem was finding it without reading noise.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -40

Linux Survival Basics

Can be slow

Show Only Recent Errors

The log had old failures too. I only cared about the newest ones.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10

Linux Survival Basics

Sensitive output

Read Recent Apache Error Log Lines

The Apache error log usually names the denied directory or rule.

sudo tail -80 /var/log/apache2/error.log 2>/dev/null || sudo tail -80 /var/log/httpd/error_log

Cybersecurity Triage

Sensitive output

Review a Breakglass Account

Emergency accounts should be easy to find and hard to ignore.

sudo grep -Rhn 'breakglass' /etc /home /var/log/auth.log 2>/dev/null

Linux Survival Basics

Can be slow

Find the Exact Log Line Before You Scroll

The error was there. The useful part was knowing exactly where it was.

grep -inE 'error|failed|denied|timeout' /var/log/nginx/error.log

next diagnostic step

Where to go from this command

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • LPIC-1 style command-line practice
  • LFCS style performance-task practice
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.