[SOLVED] fail2ban and denyhosts constantly ban me

Banned

Installing and using fail2ban is a great way to prevent attacks on SSH, but I encountered an unusual problem with it: I sometimes got banned after frequent successful SSH logins. The reason was that I had public key authentication set up for another user on the same host, and ssh was trying to use it for all the other accounts before prompting me for a password. The default fail2ban filters treat the “Failed publickey” error in the sshd log file the same as a failed password login, hence the ban.

To change this behavior I had to edit /etc/fail2ban/filter.d/sshd.conf and change

^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$

into

^%(__prefix_line)sFailed password for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
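
The effect of the edit can be checked offline. The following is an added example, not part of the original post or of fail2ban: it runs both rules over a constructed sshd log, with simplified stand-ins (assumptions) for the `%(__prefix_line)s` and `<HOST>` expansions that fail2ban performs itself.

```python
import re

# Simplified stand-ins (assumptions): fail2ban expands %(__prefix_line)s and
# <HOST> into much longer patterns; these only cover the sample lines below.
PREFIX = r"\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

DEFAULT_RULE = (r"^%(__prefix_line)sFailed (?:password|publickey) for .* "
                r"from <HOST>(?: port \d*)?(?: ssh\d*)?$")
EDITED_RULE = (r"^%(__prefix_line)sFailed password for .* "
               r"from <HOST>(?: port \d*)?(?: ssh\d*)?$")

# Constructed log: 192.0.2.10 logs in successfully three times, each time
# after the client first offers a key that belongs to another account;
# 198.51.100.7 fails two password attempts against root.
SAMPLE_LOG = [
    "Mar  3 10:15:01 web1 sshd[2201]: Failed publickey for alice from 192.0.2.10 port 50122 ssh2",
    "Mar  3 10:15:04 web1 sshd[2201]: Accepted password for alice from 192.0.2.10 port 50122 ssh2",
    "Mar  3 10:16:40 web1 sshd[2250]: Failed publickey for alice from 192.0.2.10 port 50130 ssh2",
    "Mar  3 10:16:43 web1 sshd[2250]: Accepted password for alice from 192.0.2.10 port 50130 ssh2",
    "Mar  3 10:17:12 web1 sshd[2263]: Failed publickey for alice from 192.0.2.10 port 50141 ssh2",
    "Mar  3 10:17:15 web1 sshd[2263]: Accepted password for alice from 192.0.2.10 port 50141 ssh2",
    "Mar  3 10:20:00 web1 sshd[2301]: Failed password for root from 198.51.100.7 port 40022 ssh2",
    "Mar  3 10:20:02 web1 sshd[2301]: Failed password for root from 198.51.100.7 port 40022 ssh2",
]


def compile_rule(rule):
    """Substitute the stand-ins for fail2ban's placeholders and compile."""
    return re.compile(rule.replace("%(__prefix_line)s", PREFIX)
                          .replace("<HOST>", HOST))


def count_failures(rule, lines):
    """Return {host: number of log lines the rule counts as a failure}."""
    rx = compile_rule(rule)
    hits = {}
    for line in lines:
        m = rx.match(line)
        if m:
            hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
    return hits


if __name__ == "__main__":
    print("default rule:", count_failures(DEFAULT_RULE, SAMPLE_LOG))
    print("edited rule: ", count_failures(EDITED_RULE, SAMPLE_LOG))
```

On a live system, `fail2ban-regex <your sshd log file> /etc/fail2ban/filter.d/sshd.conf` runs the installed filter, with fail2ban's real expansions, against the actual log.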
