How to detect attempts for login to SMG by SSH

Article ID: 408137

Products

Messaging Gateway

Issue/Introduction

The SMG administrator would like to know if and how SMG can detect and log events such as “wrong attempt to access SMG.” In the GUI, they can see certain access logs, but they are unable to find any information related to SSH login attempts.

The requirement is to have an overview of whether someone has attempted to misuse SMG Linux.

Environment

SMG 10.8, 10.9

Cause

  • SSH login events (both successful and failed attempts) are not logged or displayed in the SMG Control Center GUI.
  • SSH login attempts cannot be forwarded to SIEM or other log management systems from within SMG.
  • SSH access is restricted to the admin account, and by design, SMG allows further restriction based on source IP addresses via the sshd-config command. This design minimizes the exposure of SSH to unauthorized access attempts.

Resolution

To check SSH login attempts directly, administrators must review the secure log from the command line of the appliance.

Use the following command to display entries related to SSH activity (including failed login attempts):

    cat /data/logs/secure | grep sshd

SSH access is limited to the admin user.

Administrators can configure IP allow lists with the sshd-config command to restrict which IP addresses are permitted to connect via SSH.

This reduces the risk of unauthorized login attempts.
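
Added example (not part of the original article or the vendor's tooling): a POSIX shell function that summarizes, per source IP, the failed and accepted sshd logins found in a copy of the secure log reviewed above. It assumes standard OpenSSH message wording and an analysis host with awk and sort; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source summary of sshd password failures and accepted
# logins in a copy of the secure log.
# Assumption: standard OpenSSH syslog messages of the form
#   "... sshd[PID]: Failed password for [invalid user] NAME from IP port N ssh2"
#   "... sshd[PID]: Accepted METHOD for NAME from IP port N ssh2"

# summarize_ssh_logins FILE -> lines of "<failed> <accepted> <source-ip>",
# sorted with the highest failure count first.
summarize_ssh_logins() {
    awk '
    / sshd\[[0-9]+\]: / {
        # Classify on the start of the message, right after the "sshd[PID]: " tag.
        msg = substr($0, index($0, "]: ") + 3)
        if (msg ~ /^Failed password for /)     kind = "f"
        else if (msg ~ /^Accepted [^ ]+ for /) kind = "a"
        else next
        # The user name is client-supplied and may itself contain
        # " from X port Y", so trust only the right-most "from IP port" triple.
        ip = ""
        for (i = NF - 2; i > 1; i--)
            if ($i == "from" && $(i + 2) == "port") { ip = $(i + 1); break }
        if (ip == "") next
        seen[ip] = 1
        if (kind == "f") failed[ip]++; else accepted[ip]++
    }
    END { for (ip in seen) printf "%d %d %s\n", failed[ip], accepted[ip], ip }
    ' "$1" | sort -k1,1nr -k3,3
}

# write_sample_log FILE -> writes constructed sample lines (not real SMG output).
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:01:12 smg sshd[4121]: Failed password for admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:15 smg sshd[4121]: Failed password for admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:02:40 smg sshd[4130]: Failed password for invalid user root from 198.51.100.9 port 41822 ssh2
Mar  3 10:03:02 smg sshd[4137]: Failed password for invalid user x from 192.0.2.1 port 22 from 198.51.100.9 port 41830 ssh2
Mar  3 10:05:55 smg sshd[4150]: Accepted password for admin from 192.0.2.10 port 53011 ssh2
Mar  3 10:06:01 smg crond[4160]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Summarize a real file when one is given as the first argument.
if [ -n "${1:-}" ]; then summarize_ssh_logins "$1"; fi
```

A source with many failures, or an accepted login from an address outside the configured allow list, is the entry to investigate first.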