Submit your Linux news story here.

How to create a heatmap of failed SSH login IP address

SSHHeatmap is a handy script coded in Python that generates a heatmap of IP’s that made failed SSH login attempts on Linux servers.

SSHHeatmap python script

From the Github page:

Generates a heatmap of IPs that made failed SSH login attempts on linux systems, using /var/log/auth.log to get failed attempts. Uses the ipinfo.io library to fetch the IP address coordinates, and folium to generate the heatmap.

Install the script

We use the wget:
wget https://raw.githubusercontent.com/meesaltena/SSHHeatmap/master/SSHHeatmap.py

Create a text file that contains the SSH logs

Debian based Linux distribution should use the following:
grep "Failed password" /var/log/auth.log > failed.txt
CentOS and Red Hat Enterprise Linux users need to use the /var/log/secure file:
grep "Failed password" /var/log/secure > failed.txt
Make pretty graph:
python3 SSHHeatmap.py failed.txt {ipinfo_api_key}
Open the generated heatmap HTML file in a browser using the:
xdg-open /path/to/heatmap/file.html

SSHHeatmap - create a heatmap of failed SSH login on Linux or Unix

A heatmap of IP’s that made failed SSH login on your Linux or Unix server

2 comments… add one
  • Oi, nice script. Thanks matey

    Reply
  • Wouldn’t be a heatmap of successful login attempts be more interesting? 🤯

    Reply

Leave a Comment