Hi,
After several intentional unsuccessful login attempts, fail2ban has banned me from my server, but I am still able to log in afterwards.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- dslb-xx-xx-xx-xx.pools.arcor-ip.net anywhere
RETURN all -- anywhere anywhere
cat /var/log/fail2ban.log
Ban xx.xx.xx.xx
xx.xx.xx.xx already banned
ssh user@yy.yy.yy.yy -p yyyyy
user's password:************
Linux hostname 2.6.26-2-amd64
user@hostname:~$
So fail2ban tells me I am banned, but I can still log in.
Any hints?
Here is the whole output of "iptables -L":
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- dslb-xx-xx-xx-xx.pools.arcor-ip.net anywhere
RETURN all -- anywhere anywhere
From serverfault
In the file /fail2ban/jail.conf edit the following:

[ssh]
enabled = true
filter = sshd
action = iptables[name=SSH, port="yyyy,ssh", protocol=tcp]
logpath = /var/log/sshd/current
maxretry = 3

I've seen you were using an alternative port for ssh, so replace yyyy with the port the sshd daemon is running on.
Then restart fail2ban.
Gionn: please note that fail2ban is really useful if you need to keep 22 as the ssh port. If you use a high random port, it's very hard for drones to find it.
From Kami
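The point the thread turns on is that the DROP in the fail2ban-ssh chain is only consulted for packets the INPUT jump rule sends there, and that jump rule lists "ssh" (port 22) only, so a login on the alternative port never hits the ban. The check below is an added example, not taken from the thread or from fail2ban itself: it parses iptables -L text (the sample is constructed to mirror the question) and reports whether the fail2ban jump rule covers the port sshd actually listens on; port_number, fail2ban_covered_ports and ban_covers_port are my own names.

```shell
#!/bin/sh
# Added example, not from the original thread: does the fail2ban jump rule in
# the INPUT chain cover the port sshd actually listens on?

# Constructed sample mirroring the questioner's `iptables -L` output: the jump
# rule only matches "ssh" (port 22), so bans never apply to an alternative port.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  dslb-xx-xx-xx-xx.pools.arcor-ip.net  anywhere
RETURN     all  --  anywhere             anywhere'

# Map a service name (printed when -n is not used) or a number to a port number.
# "ssh" is hard-coded so the check works without /etc/services; other names go
# through getent.
port_number() {
  case "$1" in
    ssh) echo 22 ;;
    *[!0-9]*) getent services "$1" 2>/dev/null | awk '{ sub(/\/.*/, "", $2); print $2 }' ;;
    *) echo "$1" ;;
  esac
}

# Print the destination ports named by fail2ban-* jump rules in INPUT, one per
# line: "multiport dports a,b" and single-port "dpt:x" forms are both handled.
fail2ban_covered_ports() {  # $1 = text of `iptables -L`
  printf '%s\n' "$1" | awk '
    /^Chain INPUT/ { inp = 1; next }
    /^Chain /      { inp = 0 }
    inp && $1 ~ /^fail2ban-/ {
      for (i = 1; i <= NF; i++) {
        if ($i == "dports") print $(i + 1)
        else if ($i ~ /^dpt:/) print substr($i, 5)
      }
    }' | tr ',' '\n'
}

# Exit status 0 if bans reach the sshd port, 1 if the jump rule skips it.
ban_covers_port() {  # $1 = text of `iptables -L`, $2 = sshd listening port
  want=$(port_number "$2")
  for p in $(fail2ban_covered_ports "$1"); do
    [ "$(port_number "$p")" = "$want" ] && return 0
  done
  return 1
}

# On a live host: ban_covers_port "$(iptables -L)" 2222 || echo "sshd port not covered"
if ban_covers_port "$SAMPLE_IPTABLES" 22; then echo "port 22: banned hosts are dropped"; fi
if ! ban_covers_port "$SAMPLE_IPTABLES" 2222; then echo "port 2222: bans are bypassed"; fi
```

After the jail's port list is corrected the INPUT rule shows both ports (for example "multiport dports 2222,ssh"), and the same check then reports the alternative port as covered.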