
I remember to restart services (fail2ban, ssh) after changing configuration files.

I use a non-standard port for my ssh connection:

There are a couple of things that can be relevant here as well:

Iptables -I INPUT -p tcp -m multiport -dports anyport -j fail2ban-ssh returned 200
11:26:17,142 fail2ban.filter : INFO Added logfile = /var/log/auth.log
11:26:17,141 fail2ban.jail : INFO Initiated 'pyinotify' backend
11:26:17,024 fail2ban.jail : INFO Jail 'ssh' uses pyinotify
11:26:16,826 fail2ban.jail : INFO Creating new jail 'ssh'
11:26:16,825 rver : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.11

Here is sudo iptables -L output:

Chain INPUT (policy ACCEPT)

And here is what is written in /var/log/fail2ban.log after restarting fail2ban:

11:26:12,538 rver : INFO Stopping all jails

Jul 8 09:51:27 nazwaserwera sshd: PAM 5 more authentication failures logname= uid=0 euid=0 tty=ssh ruser= rhost=.pl user=my-admin
Jul 8 09:51:27 nazwaserwera sshd: Disconnecting: Too many authentication failures for my-admin
Jul 8 09:51:27 nazwaserwera sshd: message repeated 5 times:

What is my ubuntu 14.04.2 tty1 password password
Jul 8 09:51:10 nazwaserwera sshd: Failed password for my-admin from 83.8.19.34 port 56451 ssh2

Here is the fragment showing my 6 unsuccessful logins:

Jul 8 09:51:09 nazwaserwera sshd: pam_unix(sshd:auth): authentication failure logname= uid=0 euid=0 tty=ssh ruser= rhost=.pl user=my-admin

The /var/log/auth.log looks probably fine. I am allowed 6 though and there is no ban.

Only ssh is enabled and I did not change anything that is omitted.

According to this configuration I should be banned for 300 seconds after 4 failed login attempts.

I would like to secure my web server from brute force attack (first through ssh).
