My fail2ban is not working for sshd except for the default port 22/tcp.
My old, working config in jail.local:
[sshd]
enabled = true
port = ssh
Tested fail2ban, did ban me after 3 failed attempts as intended.
I explicitly specified a different port afterwards in jail.local:
port = 12345
ssh tunnel works on the new port, i.e.
ssh myuser@myip -p 12345
but when I consciously err with wrong ssh password I do not receive a ban after any number of attempts.
sshd.service, fail2ban.service already restarted, also tried rebooting.
I DO get the email message about being banned, however, I can still (successfully) attempt to log in. My ban time is 10 minutes - if I quickly change the IP for sshd to 22 and start a new tunnel for port 22, it is also not banned.
Last edited by itarill (2021-11-04 11:02:02)
My old, working config in jail.local:
[ssh]
enabled = true
port = ssh
Tested fail2ban, did ban me after 3 failed attempts as intended.
Shouldn't that be
[sshd]
? That is defined and enabled by default in jail.conf. You might be defining a new jail here which has no filter and no action defined.
Although...
I DO get the email message about being banned
is very surprising then.
Last edited by Bevan (2021-11-02 20:38:10)
itarill wrote:My old, working config in jail.local:
[ssh]
enabled = true
port = ssh
Tested fail2ban, did ban me after 3 failed attempts as intended.
Shouldn't that be
[sshd]
? That is defined and enabled by default in jail.conf. You might be defining a new jail here which has no filter and no action defined.
Although...
itarill wrote:I DO get the email message about being banned
is very surprising then.
You are right, ssh was a typo in my post. The config contains sshd. Edited the OP.
The configuration looks correct to me unless you modified anything else. I would try provoking the (non-working) ban on port 12345 and afterwards run
iptables -L
iptables -S
Normally, you should see a corresponding entry created by fail2ban. At least we then see if the entry is entirely missing or somehow wrong/ineffective.
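One way to read the `iptables -S` output suggested in the last post, as an added example that is not from any poster in this thread: it checks that the jail chain exists, that the jump from INPUT covers the port sshd listens on, and that the test IP has a ban entry. The rule lines are a constructed sample in the shape fail2ban's iptables-multiport action writes (assumed to be the ban action in use); `check_ban` and `sample_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output after a ban (not from the thread).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
EOF
}

# check_ban JAIL PORT IP   (reads `iptables -S` text on stdin)
# Prints: no-chain | port-not-covered | ip-not-banned | ok
check_ban() {
    awk -v chain="f2b-$1" -v port="$2" -v ip="$3" '
    # The jail chain itself must have been created.
    $1 == "-N" && $2 == chain { have_chain = 1 }
    # Jump from INPUT into the jail chain: record which ports it matches.
    $1 == "-A" && $2 == "INPUT" && $(NF-1) == "-j" && $NF == chain {
        spec = ""
        for (i = 3; i < NF; i++)
            if ($i == "--dports" || $i == "--dport") spec = $(i + 1)
        if (spec == "") covered = 1        # no port match: applies to all ports
        n = split(spec, parts, ",")
        for (j = 1; j <= n; j++) {         # entries are "N" or a range "LO:HI"
            m = split(parts[j], r, ":")
            lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) covered = 1
        }
    }
    # Ban entry for the source address inside the jail chain.
    $1 == "-A" && $2 == chain && $3 == "-s" && ($4 == ip || $4 == (ip "/32")) { banned = 1 }
    END {
        if (!have_chain) { print "no-chain"; exit 1 }
        if (!covered)    { print "port-not-covered"; exit 2 }
        if (!banned)     { print "ip-not-banned"; exit 3 }
        print "ok"
    }'
}

# On a live system (as root): iptables -S | check_ban sshd 12345 <test IP>
sample_rules | check_ban sshd 12345 203.0.113.7 || true   # prints: port-not-covered
```

A `port-not-covered` result means the ban entry exists but the jump rule never sends traffic for that port through the jail chain, which matches the symptom of receiving the ban e-mail while still being able to connect.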