You are not logged in.
- Topics: Active | Unanswered
#1 2016-07-06 00:46:00
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,696
- Website
Fail2ban users: what regex are you using to block public key fails?
The out-of-the-box /etc/fail2ban/filter.d/sshd.conf does not catch failed keys but it does catch failed passwords. Has anyone got a regex that matches failed keys?
From journalctl:
Jul 05 18:22:41 mercury sshd[4659]: Failed publickey for graysky from 76.58.20.166 port 37944 ssh2: RSA SHA256:v3dpapGleDaUKf$4V1vKyR9ZyUgjaJAmoCTcb2PLljI
Jul 05 18:22:41 mercury sshd[4659]: Connection closed by 76.58.20.166 port 37944 [preauth]
Jul 05 18:22:41 mercury sshd[4661]: Connection from 76.58.20.166 port 37946 on 192.168.1.110 port 15001
Jul 05 18:22:42 mercury sshd[4661]: Failed publickey for graysky from 76.58.20.166 port 37946 ssh2: RSA SHA256:v3dpapGleDaUKf$4V1vKyR9ZyUgjaJAmoCTcb2PLljI
Jul 05 18:22:42 mercury sshd[4661]: Connection closed by 76.58.20.166 port 37946 [preauth]
Jul 05 18:22:42 mercury sshd[4663]: Connection from 76.58.20.166 port 37948 on 192.168.1.110 port 15001
Jul 05 18:22:42 mercury sshd[4663]: Failed publickey for graysky from 76.58.20.166 port 37948 ssh2: RSA SHA256:v3dpapGleDaUKf$4V1vKyR9ZyUgjaJAmoCTcb2PLljI
Jul 05 18:22:42 mercury sshd[4663]: Connection closed by 76.58.20.166 port 37948 [preauth]
Jul 05 18:22:42 mercury sshd[4665]: Connection from 76.58.20.166 port 37950 on 192.168.1.110 port 15001
Jul 05 18:22:43 mercury sshd[4665]: Failed publickey for graysky from 76.58.20.166 port 37950 ssh2: RSA SHA256:v3dpapGleDaUKf$4V1vKyR9ZyUgjaJAmoCTcb2PLljI
Jul 05 18:22:43 mercury sshd[4665]: Connection closed by 76.58.20.166 port 37950 [preauth]
Jul 05 18:22:43 mercury sshd[4667]: Connection from 76.58.20.166 port 37952 on 192.168.1.110 port 15001
Jul 05 18:22:43 mercury sshd[4667]: Failed publickey for graysky from 76.58.20.166 port 37952 ssh2: RSA SHA256:v3dpapGleDaUKf$4V1vKyR9ZyUgjaJAmoCTcb2PLljI
Jul 05 18:22:43 mercury sshd[4667]: Connection closed by 76.58.20.166 port 37952 [preauth]
Jul 05 18:22:43 mercury sshd[4669]: Connection from 76.58.20.166 port 37954 on 192.168.1.110 port 15001
Jul 05 18:22:44 mercury sshd[4669]: Failed publickey for graysky from 76.58.20.166 port 37954 ssh2: RSA SHA256:v3dpapGleDaUKf$4V1vKyR9ZyUgjaJAmoCTcb2PLljI
Jul 05 18:22:44 mercury sshd[4669]: Connection closed by 76.58.20.166 port 37954 [preauth]CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline