I have a lot of unauthorized login attempts via SSH on my Linux servers. The first thing on a new server everyone should do is to disable SSH login via password, to only accept logins via private key. It’s quite easy to set up and it secures your server.

Anyway, you can still watch login attempts in /var/log/auth.log.

#As root or via sudo, type this to see all failed login attempts
cat /var/log/auth.log | grep 'sshd.*Invalid'

#If you want to see successful logins, type this
cat /var/log/auth.log | grep 'sshd.*opened'