You are not logged in.

#1 2021-11-01 13:47:29

itarill
Member
Registered: 2020-06-03
Posts: 30

fail2ban does not work for ssh except on port 22

My fail2ban is not working for sshd except for the default port 22/tcp.

My old, working config in jail.local:

[sshd]
enabled  = true
port     = ssh

Tested fail2ban, did ban me after 3 failed attempts as intended.

I explicitly specified a different port afterwards in jail.local:

port = 12345

ssh tunnel works on the new port, i.e.

 ssh myuser@myip -p 12345

but when I consciously err with wrong ssh password I do not receive a ban after any number of attempts.

sshd.service, fail2ban.service already restarted, also tried rebooting.

I DO get the email message about being banned, however, I can still (successfully) attempt to log in. My ban time is 10 minutes - if I quickly change the IP for sshd to 22 and start a new tunnel for port 22, it is also not banned.

Last edited by itarill (2021-11-04 11:02:02)

Offline

#2 2021-11-02 20:36:55

Bevan
Member
Registered: 2009-09-08
Posts: 99

Re: fail2ban does not work for ssh except on port 22

itarill wrote:

My old, working config in jail.local:

[ssh]
enabled  = true
port     = ssh

Tested fail2ban, did ban me after 3 failed attempts as intended.

Shouldn't that be

[sshd]

? That is defined and enabled by default in jail.conf. You might be defining a new jail here which has no filter and no action defined.


Although...

itarill wrote:

I DO get the email message about being banned

is very surprising then.

Last edited by Bevan (2021-11-02 20:38:10)

Offline

#3 2021-11-04 11:02:59

itarill
Member
Registered: 2020-06-03
Posts: 30

Re: fail2ban does not work for ssh except on port 22

Bevan wrote:
itarill wrote:

My old, working config in jail.local:

[ssh]
enabled  = true
port     = ssh

Tested fail2ban, did ban me after 3 failed attempts as intended.

Shouldn't that be

[sshd]

? That is defined and enabled by default in jail.conf. You might be defining a new jail here which has no filter and no action defined.


Although...

itarill wrote:

I DO get the email message about being banned

is very surprising then.

You are right, ssh was a typo in my post. The config contains sshd. Edited the OP.

Offline

#4 2021-11-04 13:24:34

Bevan
Member
Registered: 2009-09-08
Posts: 99

Re: fail2ban does not work for ssh except on port 22

The configuration looks correct to me unless you modified anything else. I would try provoking the (non-working) ban on port 12345 and afterwards run

iptables -L
iptables -S

Normally, you should see a corresponding entry created by fail2ban. At least we then see if the entry is entirely missing or somehow wrong/ineffective.

Offline

Board footer

Powered by FluxBB