Changing ssh port / fail2ban ssh jail port

If I open up a custom port for ssh, will fail2ban automatically pick it up?

Yes! (Source)

I just tried 10 times to login with a fake password on the new SSH port and fail2ban did not ban me.

Any help would be appreciated

@YoMo : and how exactly did you change the SSH port … did you use the corresponding global setting ?

I went into the webadmin, and changed it there. It did not do anything. (Probably because I have a modified ssh config file because I allowed root)

So I changed ports in the config file.

Then I can't help you further without knowing all the details of whether or not you restarted the different services, also maybe reloading/restarting yunohost firewall, etc … Or check fail2ban conf manually idk …

I guess the easiest way for me to get out of the mess is to force regenerate the SSH config file, change port via Web Admin and then check if fail2ban is working on the new port.

Am I right?

@Aleks I just did it the right way via web admin, and it doesn’t seem like fail2ban is banning my attempts on the new port.

https://paste.yunohost.org/raw/cuwoyumapu

Then check what’s the port actually configured in the fail2ban conf …

[sshd]
port = 5566
enabled = true

/etc/fail2ban/jail.d/yunohost-jails.conf

Then let’s also check tail -n 20 /var/log/fail2ban.log to see if it’s actually picking up the auth attempts

The IP address starting with 100 is my attempts (I modified the IP addresses to remove sensitive data)

Seems it detects the attempt but fails to ban (D:)

Do you retrieve your new ssh port with this command : iptables-save | grep ssh | grep INPUT ?

Btw seems there are more errors relative to other jails (recidive…).

Did you try to restart the service fail2ban ?

Restarted Fail2Ban and the server too.

I uninstalled Nextcloud and Matomo, rebooted the server again, and fail2ban seems to be working!

2023-02-09 10:39:55,752 fail2ban.server         [554]: INFO    Jail 'sasl' reloaded
2023-02-09 10:39:55,752 fail2ban.server         [554]: INFO    Jail 'yunohost' reloaded
2023-02-09 10:39:55,753 fail2ban.server         [554]: INFO    Reload finished.
2023-02-09 10:41:13,351 fail2ban.filter         [554]: INFO    [pam-generic] Found 71.255.00.00 - 2023-02-09 10:41:13
2023-02-09 10:46:08,463 fail2ban.filter         [554]: INFO    [pam-generic] Found 100.0.000.02 - 2023-02-09 10:46:08
2023-02-09 10:46:10,280 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:10
2023-02-09 10:46:14,830 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:14
2023-02-09 10:46:21,244 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:20
2023-02-09 10:46:26,352 fail2ban.filter         [554]: INFO    [pam-generic] Found 100.0.000.02 - 2023-02-09 10:46:26
2023-02-09 10:46:27,964 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:27
2023-02-09 10:46:32,457 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:32
2023-02-09 10:46:36,347 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:36
2023-02-09 10:46:42,614 fail2ban.filter         [554]: INFO    [pam-generic] Found 100.0.000.02 - 2023-02-09 10:46:42
2023-02-09 10:46:45,330 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:44
2023-02-09 10:46:49,737 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:49
2023-02-09 10:46:53,550 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:53
2023-02-09 10:46:58,656 fail2ban.filter         [554]: INFO    [pam-generic] Found 100.0.000.02 - 2023-02-09 10:46:58
2023-02-09 10:47:00,259 fail2ban.filter         [554]: INFO    [sshd] Found 100.0.000.02 - 2023-02-09 10:46:59
2023-02-09 10:47:00,563 fail2ban.actions        [554]: NOTICE  [sshd] Ban 100.0.000.02
2023-02-09 10:47:00,573 fail2ban.filter         [554]: INFO    [recidive] Found 100.0.000.02 - 2023-02-09 10:47:00

Thank you all for the help.

P.S. Is there an easy way to change Fail2Ban configs like maxtry across all apps without breaking stuff?

IIRC, use custom settings in a .local jail (in folder /etc/fail2ban/jail.d/)

Example :

[DEFAULT]
bantime  = 34560000
findtime  = 86400
maxretry = 3
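
The symptom discussed in this thread (fail2ban logs "Found" for an address but never logs "Ban") can be checked mechanically. The following is an added example, not code from the thread or from the fail2ban or YunoHost projects: it reads lines in the fail2ban.log format shown above and lists jail/IP pairs that reached the retry threshold without a ban. The function names, the sample lines (constructed, using documentation IP ranges) and the default `maxretry`/`findtime` values are assumptions; set them to match your jail.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches "Found" (filter) and "Ban" / "Restore Ban" (actions) lines of fail2ban.log.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.(?:filter|actions)\s+"
    r"\[\d+\]:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+(?:Restore )?(?P<verb>Found|Ban)\s+(?P<ip>\S+)"
)

def unbanned_offenders(lines, maxretry=10, findtime=600):
    """Return sorted (jail, ip) pairs that reached `maxretry` Found hits within
    `findtime` seconds and had no Ban logged afterwards (assumed thresholds)."""
    window = timedelta(seconds=findtime)
    hits = defaultdict(list)   # (jail, ip) -> timestamps of recent Found lines
    due = {}                   # (jail, ip) -> time the threshold was reached
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue           # reload notices, errors, unrelated lines
        key = (m["jail"], m["ip"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["verb"] == "Ban":
            due.pop(key, None) # the ban action fired, so this pair is fine
            hits[key].clear()
            continue
        hits[key] = [t for t in hits[key] if ts - t <= window] + [ts]
        if len(hits[key]) >= maxretry:
            due.setdefault(key, ts)
    return sorted(due)

def _found(jail, ip, sec):
    # Helper that builds one constructed "Found" line in the log format above.
    t = f"2023-02-09 10:46:{sec:02d}"
    return f"{t},000 fail2ban.filter         [554]: INFO    [{jail}] Found {ip} - {t}"

# Constructed sample: the first address is banned, the second is only "Found".
SAMPLE = (
    [_found("sshd", "198.51.100.7", s) for s in (1, 5, 9)]
    + ["2023-02-09 10:46:10,000 fail2ban.actions        [554]: NOTICE  [sshd] Ban 198.51.100.7"]
    + [_found("sshd", "203.0.113.9", s) for s in (20, 24, 28)]
    + [_found("pam-generic", "203.0.113.9", s) for s in (21, 25)]
)

if __name__ == "__main__":
    for jail, ip in unbanned_offenders(SAMPLE, maxretry=3):
        print(f"[{jail}] {ip} reached maxretry but no Ban was logged")
```

A non-empty result points at the ban action (firewall rule, jail port, action errors) rather than the filter, which is where the thread's troubleshooting ended up.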