Fail2ban and ssh login attempt

My YunoHost server

Hardware: VPS bought online
YunoHost version: 11.2.9.1 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi,
My system sends regular messages as follows:

The automatic diagnosis on your YunoHost server identified some issues on your server. You will find a description of the issues below. You can manage those issues in the ‘Diagnosis’ section in your webadmin.


=================================
Base system (basesystem)

[WARNING] There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in Security | Yunohost Documentation.

The diagnosis reports the same issue.

Fail2ban service logs → hastebin


LOGFILE: journalctl
-- Journal begins at Thu 2023-10-05 00:00:05 CEST, ends at Sat 2024-02-10 09:35:43 CET. --
Feb 10 09:17:19 fail2ban-server[28682]:     self.__flushBan(stop=True)
Feb 10 09:17:19 fail2ban-server[28682]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 666, in __flushBan
Feb 10 09:17:19 fail2ban-server[28682]:     action.consistencyCheck(_beforeRepair)
Feb 10 09:17:19 fail2ban-server[28682]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 690, in consistencyCheck
Feb 10 09:17:19 fail2ban-server[28682]:     if started and not self._invariantCheck(family, beforeRepair):
Feb 10 09:17:19 fail2ban-server[28682]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 916, in _invariantCheck
Feb 10 09:17:19 fail2ban-server[28682]:     if beforeRepair and not beforeRepair():
Feb 10 09:17:19 fail2ban-server[28682]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 663, in _beforeRepair
Feb 10 09:17:19 fail2ban-server[28682]:     self._logSys.error("Invariant check failed. Flush is impossible.")
Feb 10 09:17:19 fail2ban-server[28682]: AttributeError: 'Actions' object has no attribute '_logSys'
Feb 10 09:17:20 fail2ban-client[29215]: Shutdown successful
Feb 10 09:17:20 systemd[1]: fail2ban.service: Succeeded.
Feb 10 09:17:20 systemd[1]: Stopped Fail2Ban Service.
Feb 10 09:17:20 systemd[1]: fail2ban.service: Consumed 1.883s CPU time.
Feb 10 09:17:20 systemd[1]: Starting Fail2Ban Service...
Feb 10 09:17:20 systemd[1]: Started Fail2Ban Service.
Feb 10 09:17:20 fail2ban-server[29222]: Server ready
Feb 10 09:18:35 systemd[1]: Reloading Fail2Ban Service.
Feb 10 09:18:35 fail2ban-client[29420]: OK
Feb 10 09:18:35 systemd[1]: Reloaded Fail2Ban Service.
Feb 10 09:18:36 systemd[1]: Stopping Fail2Ban Service...
Feb 10 09:18:37 fail2ban-server[29222]: Traceback (most recent call last):
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 653, in __flushBan
Feb 10 09:18:37 fail2ban-server[29222]:     if action.flush():
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 637, in flush
Feb 10 09:18:37 fail2ban-server[29222]:     return self._executeOperation('<actionflush>', 'flushing', family=family, afterExec=_afterFlush)
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 476, in _executeOperation
Feb 10 09:18:37 fail2ban-server[29222]:     raise RuntimeError("Error %s action %s/%s: %r" % (operation, self._jail, self._name, err))
Feb 10 09:18:37 fail2ban-server[29222]: RuntimeError: Error flushing action Jail('recidive')/iptables-allports: 'Script error'
Feb 10 09:18:37 fail2ban-server[29222]: During handling of the above exception, another exception occurred:
Feb 10 09:18:37 fail2ban-server[29222]: Traceback (most recent call last):
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/jailthread.py", line 69, in run_with_except_hook
Feb 10 09:18:37 fail2ban-server[29222]:     run(*args, **kwargs)
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 368, in run
Feb 10 09:18:37 fail2ban-server[29222]:     self.__flushBan(stop=True)
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 666, in __flushBan
Feb 10 09:18:37 fail2ban-server[29222]:     action.consistencyCheck(_beforeRepair)
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 690, in consistencyCheck
Feb 10 09:18:37 fail2ban-server[29222]:     if started and not self._invariantCheck(family, beforeRepair):
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 916, in _invariantCheck
Feb 10 09:18:37 fail2ban-server[29222]:     if beforeRepair and not beforeRepair():
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 663, in _beforeRepair
Feb 10 09:18:37 fail2ban-server[29222]:     self._logSys.error("Invariant check failed. Flush is impossible.")
Feb 10 09:18:37 fail2ban-server[29222]: AttributeError: 'Actions' object has no attribute '_logSys'
Feb 10 09:18:37 fail2ban-client[29513]: Shutdown successful
Feb 10 09:18:37 systemd[1]: fail2ban.service: Succeeded.
Feb 10 09:18:37 systemd[1]: Stopped Fail2Ban Service.
Feb 10 09:18:37 systemd[1]: Starting Fail2Ban Service...
Feb 10 09:18:37 systemd[1]: Started Fail2Ban Service.
Feb 10 09:18:38 fail2ban-server[29520]: Server ready

LOGFILE: /var/log/fail2ban.log
2024-02-10 09:34:15,120 fail2ban.filter         [29520]: INFO    [sshd] Found 138.197.31.240 - 2024-02-10 09:34:15
2024-02-10 09:34:15,125 fail2ban.filter         [29520]: INFO    [pam-generic] Found 138.197.31.240 - 2024-02-10 09:34:15
2024-02-10 09:34:15,589 fail2ban.filter         [29520]: INFO    [sshd] Found 109.123.239.236 - 2024-02-10 09:34:15
2024-02-10 09:34:15,593 fail2ban.filter         [29520]: INFO    [pam-generic] Found 109.123.239.236 - 2024-02-10 09:34:15
2024-02-10 09:34:17,198 fail2ban.filter         [29520]: INFO    [sshd] Found 138.197.31.240 - 2024-02-10 09:34:16
2024-02-10 09:34:17,438 fail2ban.filter         [29520]: INFO    [sshd] Found 109.123.239.236 - 2024-02-10 09:34:17
2024-02-10 09:34:24,824 fail2ban.filter         [29520]: INFO    [sshd] Found 35.186.145.141 - 2024-02-10 09:34:24
2024-02-10 09:34:24,830 fail2ban.filter         [29520]: INFO    [pam-generic] Found 35.186.145.141 - 2024-02-10 09:34:24
2024-02-10 09:34:26,911 fail2ban.filter         [29520]: INFO    [sshd] Found 35.186.145.141 - 2024-02-10 09:34:26
2024-02-10 09:34:29,215 fail2ban.filter         [29520]: INFO    [pam-generic] Found 185.45.212.231 - 2024-02-10 09:34:29
2024-02-10 09:34:29,216 fail2ban.filter         [29520]: INFO    [sshd] Found 185.45.212.231 - 2024-02-10 09:34:28
2024-02-10 09:34:30,621 fail2ban.filter         [29520]: INFO    [pam-generic] Found 185.74.4.20 - 2024-02-10 09:34:30
2024-02-10 09:34:30,622 fail2ban.filter         [29520]: INFO    [sshd] Found 185.74.4.20 - 2024-02-10 09:34:30
2024-02-10 09:34:30,626 fail2ban.filter         [29520]: INFO    [sshd] Found 185.45.212.231 - 2024-02-10 09:34:30
2024-02-10 09:34:32,352 fail2ban.filter         [29520]: INFO    [sshd] Found 185.74.4.20 - 2024-02-10 09:34:32
2024-02-10 09:34:46,789 fail2ban.filter         [29520]: INFO    [pam-generic] Found 129.204.224.239 - 2024-02-10 09:34:46
2024-02-10 09:34:46,791 fail2ban.filter         [29520]: INFO    [sshd] Found 129.204.224.239 - 2024-02-10 09:34:46
2024-02-10 09:34:46,934 fail2ban.filter         [29520]: INFO    [sshd] Found 43.134.119.233 - 2024-02-10 09:34:46
2024-02-10 09:34:46,937 fail2ban.filter         [29520]: INFO    [pam-generic] Found 43.134.119.233 - 2024-02-10 09:34:46
2024-02-10 09:34:48,078 fail2ban.filter         [29520]: INFO    [sshd] Found 129.204.224.239 - 2024-02-10 09:34:48
2024-02-10 09:34:48,369 fail2ban.filter         [29520]: INFO    [sshd] Found 43.134.119.233 - 2024-02-10 09:34:48
2024-02-10 09:34:48,534 fail2ban.actions        [29520]: NOTICE  [sshd] Ban 129.204.224.239
2024-02-10 09:34:48,541 fail2ban.filter         [29520]: INFO    [recidive] Found 129.204.224.239 - 2024-02-10 09:34:48
2024-02-10 09:34:52,276 fail2ban.filter         [29520]: INFO    [sshd] Found 59.89.163.65 - 2024-02-10 09:34:52
2024-02-10 09:34:52,278 fail2ban.filter         [29520]: INFO    [pam-generic] Found 59.89.163.65 - 2024-02-10 09:34:52
2024-02-10 09:34:52,626 fail2ban.filter         [29520]: INFO    [sshd] Found 43.134.25.163 - 2024-02-10 09:34:52
2024-02-10 09:34:52,628 fail2ban.filter         [29520]: INFO    [pam-generic] Found 43.134.25.163 - 2024-02-10 09:34:52
2024-02-10 09:34:53,476 fail2ban.filter         [29520]: INFO    [sshd] Found 59.89.163.65 - 2024-02-10 09:34:53
2024-02-10 09:34:53,887 fail2ban.filter         [29520]: INFO    [sshd] Found 43.134.25.163 - 2024-02-10 09:34:53
2024-02-10 09:34:55,955 fail2ban.filter         [29520]: INFO    [sshd] Found 43.135.177.244 - 2024-02-10 09:34:55
2024-02-10 09:34:55,957 fail2ban.filter         [29520]: INFO    [pam-generic] Found 43.135.177.244 - 2024-02-10 09:34:55
2024-02-10 09:34:57,162 fail2ban.actions        [29520]: NOTICE  [sshd] Unban 103.123.63.250
2024-02-10 09:34:58,663 fail2ban.filter         [29520]: INFO    [sshd] Found 43.135.177.244 - 2024-02-10 09:34:58
2024-02-10 09:35:06,707 fail2ban.filter         [29520]: INFO    [pam-generic] Found 138.197.31.240 - 2024-02-10 09:35:06
2024-02-10 09:35:06,709 fail2ban.filter         [29520]: INFO    [sshd] Found 138.197.31.240 - 2024-02-10 09:35:06
2024-02-10 09:35:09,413 fail2ban.filter         [29520]: INFO    [sshd] Found 138.197.31.240 - 2024-02-10 09:35:09
2024-02-10 09:35:17,834 fail2ban.filter         [29520]: INFO    [sshd] Found 109.123.239.236 - 2024-02-10 09:35:17
2024-02-10 09:35:17,836 fail2ban.filter         [29520]: INFO    [pam-generic] Found 109.123.239.236 - 2024-02-10 09:35:17
2024-02-10 09:35:19,122 fail2ban.filter         [29520]: INFO    [sshd] Found 35.186.145.141 - 2024-02-10 09:35:19
2024-02-10 09:35:19,125 fail2ban.filter         [29520]: INFO    [pam-generic] Found 35.186.145.141 - 2024-02-10 09:35:19
2024-02-10 09:35:19,525 fail2ban.filter         [29520]: INFO    [sshd] Found 109.123.239.236 - 2024-02-10 09:35:19
2024-02-10 09:35:21,474 fail2ban.filter         [29520]: INFO    [sshd] Found 35.186.145.141 - 2024-02-10 09:35:21
2024-02-10 09:35:29,048 fail2ban.filter         [29520]: INFO    [sshd] Found 185.74.4.20 - 2024-02-10 09:35:29
2024-02-10 09:35:29,051 fail2ban.filter         [29520]: INFO    [pam-generic] Found 185.74.4.20 - 2024-02-10 09:35:29
2024-02-10 09:35:31,756 fail2ban.filter         [29520]: INFO    [sshd] Found 185.74.4.20 - 2024-02-10 09:35:31
2024-02-10 09:35:32,562 fail2ban.filter         [29520]: INFO    [sshd] Found 185.45.212.231 - 2024-02-10 09:35:32
2024-02-10 09:35:32,566 fail2ban.filter         [29520]: INFO    [pam-generic] Found 185.45.212.231 - 2024-02-10 09:35:32
2024-02-10 09:35:34,983 fail2ban.filter         [29520]: INFO    [sshd] Found 185.45.212.231 - 2024-02-10 09:35:34
2024-02-10 09:35:35,223 fail2ban.actions        [29520]: NOTICE  [sshd] Ban 185.45.212.231
2024-02-10 09:35:35,271 fail2ban.filter         [29520]: INFO    [recidive] Found 185.45.212.231 - 2024-02-10 09:35:35

When I try to change the SSH port number, everything looks good but the old port persists. I tried to change it both via the CLI and via the webadmin, but failed.

What is my system’s problem? How can I solve it?
Thanks for your attention.

PS: I have two other identical instances on different servers that run as expected.

What do you mean, “the old port persist”?

cat /etc/ssh/sshd_config | grep Port
Port 22

sudo yunohost settings set security.ssh.port -v 2222
[sudo] password for admin:
Info: Saving the new configuration…
Warning: The configuration file ‘/etc/ssh/sshd_config’ has been manually modified and will not be updated
Success! Configuration updated for ‘fail2ban’
Success! Firewall reloaded
Success! Config updated as expected

cat /etc/ssh/sshd_config | grep Port
Port 22

But web-api shows

And SSH fails for 2222 but connects with 22.

I have a new problem. Fail2ban does not start.


LOGFILE: journalctl
-- Journal begins at Sat 2023-10-07 00:00:04 CEST, ends at Sun 2024-02-11 19:37:32 CET. --
Feb 11 18:54:52 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 18:54:52 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 11 18:56:50 systemd[1]: Starting Fail2Ban Service...
Feb 11 18:56:50 systemd[1]: Started Fail2Ban Service.
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.configreader   [1537]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.jailreader     [1537]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.jailsreader    [1537]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.configreader   [1537]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.jailreader     [1537]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.jailsreader    [1537]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,303 fail2ban                [1537]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,310 fail2ban                [1537]: ERROR   Async configuration of server failed
Feb 11 18:56:50 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 18:56:50 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 11 19:11:24 systemd[1]: Starting Fail2Ban Service...
Feb 11 19:11:24 systemd[1]: Started Fail2Ban Service.
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,024 fail2ban.configreader   [2921]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,025 fail2ban.jailreader     [2921]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,025 fail2ban.jailsreader    [2921]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,093 fail2ban.configreader   [2921]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,093 fail2ban.jailreader     [2921]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,093 fail2ban.jailsreader    [2921]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,166 fail2ban                [2921]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,183 fail2ban                [2921]: ERROR   Async configuration of server failed
Feb 11 19:11:25 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 19:11:25 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 11 19:12:11 systemd[1]: Starting Fail2Ban Service...
Feb 11 19:12:11 systemd[1]: Started Fail2Ban Service.
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,918 fail2ban.configreader   [2992]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,918 fail2ban.jailreader     [2992]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,919 fail2ban.jailsreader    [2992]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,987 fail2ban.configreader   [2992]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,987 fail2ban.jailreader     [2992]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,988 fail2ban.jailsreader    [2992]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 19:12:12 fail2ban-server[2992]: 2024-02-11 19:12:12,061 fail2ban                [2992]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 19:12:12 fail2ban-server[2992]: 2024-02-11 19:12:12,077 fail2ban                [2992]: ERROR   Async configuration of server failed
Feb 11 19:12:12 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 19:12:12 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 11 19:30:44 systemd[1]: Starting Fail2Ban Service...
Feb 11 19:30:44 systemd[1]: Started Fail2Ban Service.
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,535 fail2ban.configreader   [3163]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,536 fail2ban.jailreader     [3163]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,536 fail2ban.jailsreader    [3163]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,607 fail2ban.configreader   [3163]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,608 fail2ban.jailreader     [3163]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,608 fail2ban.jailsreader    [3163]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,685 fail2ban                [3163]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,704 fail2ban                [3163]: ERROR   Async configuration of server failed
Feb 11 19:30:44 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 19:30:44 systemd[1]: fail2ban.service: Failed with result 'exit-code'.

LOGFILE: /var/log/fail2ban.log
2024-02-11 18:31:40,741 fail2ban.jail           [91971]: INFO    Jail 'sshd' started
2024-02-11 18:31:40,743 fail2ban.jail           [91971]: INFO    Jail 'nginx-http-auth' started
2024-02-11 18:31:40,747 fail2ban.jail           [91971]: INFO    Jail 'postfix' started
2024-02-11 18:31:40,748 fail2ban.jail           [91971]: INFO    Jail 'dovecot' started
2024-02-11 18:31:40,759 fail2ban.jail           [91971]: INFO    Jail 'recidive' started
2024-02-11 18:31:40,761 fail2ban.jail           [91971]: INFO    Jail 'pam-generic' started
2024-02-11 18:31:40,766 fail2ban.jail           [91971]: INFO    Jail 'gitea' started
2024-02-11 18:31:40,767 fail2ban.jail           [91971]: INFO    Jail 'sasl' started
2024-02-11 18:31:40,769 fail2ban.jail           [91971]: INFO    Jail 'yunohost' started
2024-02-11 18:47:09,928 fail2ban.server         [91971]: INFO    Shutdown in progress...
2024-02-11 18:47:09,929 fail2ban.observer       [91971]: INFO    Observer stop ... try to end queue 5 seconds
2024-02-11 18:47:09,949 fail2ban.observer       [91971]: INFO    Observer stopped, 0 events remaining.
2024-02-11 18:47:09,990 fail2ban.server         [91971]: INFO    Stopping all jails
2024-02-11 18:47:09,991 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/auth.log'
2024-02-11 18:47:09,992 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/error.log'
2024-02-11 18:47:09,993 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-error.log'
2024-02-11 18:47:09,994 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-error.log'
2024-02-11 18:47:09,995 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,996 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,996 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/fail2ban.log'
2024-02-11 18:47:09,997 fail2ban.filter         [91971]: ERROR   Unable to get failures in /var/log/fail2ban.log
2024-02-11 18:47:09,997 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/auth.log'
2024-02-11 18:47:09,998 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/gitea/gitea.log'
2024-02-11 18:47:09,998 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-access.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-access.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/access.log'
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [postfix] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [recidive] Flush ticket(s) with iptables-allports
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [dovecot] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,087 fail2ban.actions        [91971]: NOTICE  [nginx-http-auth] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [yunohost] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [gitea] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [pam-generic] Flush ticket(s) with iptables-allports
2024-02-11 18:47:10,087 fail2ban.actions        [91971]: NOTICE  [sasl] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,261 fail2ban.actions        [91971]: NOTICE  [sshd] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:11,216 fail2ban.jail           [91971]: INFO    Jail 'sshd' stopped
2024-02-11 18:47:11,216 fail2ban.jail           [91971]: INFO    Jail 'nginx-http-auth' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'postfix' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'dovecot' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'recidive' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'pam-generic' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'gitea' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'sasl' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'yunohost' stopped
2024-02-11 18:47:11,218 fail2ban.database       [91971]: INFO    Connection to database closed.
2024-02-11 18:47:11,218 fail2ban.server         [91971]: INFO    Exiting Fail2ban
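
The journal above mixes jails that fail2ban only skipped with the one error that aborts startup; the script below separates the two per start attempt. It is an added example, not part of the original post: the function names are hypothetical, and the sample lines are copied from the journalctl excerpt above.

```python
import re

# Two start attempts copied from the journalctl excerpt in the post above.
SAMPLE_JOURNAL = """\
Feb 11 18:56:50 systemd[1]: Starting Fail2Ban Service...
Feb 11 18:56:50 systemd[1]: Started Fail2Ban Service.
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.configreader   [1537]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.jailreader     [1537]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.jailsreader    [1537]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.configreader   [1537]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.jailreader     [1537]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.jailsreader    [1537]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,303 fail2ban                [1537]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,310 fail2ban                [1537]: ERROR   Async configuration of server failed
Feb 11 18:56:50 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 19:11:24 systemd[1]: Starting Fail2Ban Service...
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,025 fail2ban.jailsreader    [2921]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,093 fail2ban.jailsreader    [2921]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,166 fail2ban                [2921]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 19:11:25 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
"""

# Syslog prefix written by the fail2ban-server process; its PID identifies one start attempt.
SERVER_LINE = re.compile(r"fail2ban-server\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Non-fatal: the jail references a filter file that does not exist, so the jail is skipped.
MISSING_FILTER = re.compile(r"Found no accessible config files for 'filter\.d/(?P<name>[^']+)'")
SKIPPED_JAIL = re.compile(r"Errors in jail '(?P<name>[^']+)'\. Skipping")
# Fatal: configuration fails and the service exits.
FATAL = re.compile(r"Failed during configuration: (?P<reason>.*)$")
NO_LOGFILE = re.compile(r"Have not found any log file for (?P<name>\S+) jail")


def triage(journal_text):
    """Return one dict per start attempt, in the order the attempts appear."""
    attempts = {}
    for line in journal_text.splitlines():
        server = SERVER_LINE.search(line)
        if server is None:
            continue  # systemd lines carry no fail2ban detail
        pid = int(server.group("pid"))
        entry = attempts.setdefault(pid, {
            "pid": pid,
            "missing_filters": [],
            "skipped_jails": [],
            "fatal_reason": None,
            "fatal_jail": None,
        })
        msg = server.group("msg")
        found = MISSING_FILTER.search(msg)
        if found:
            entry["missing_filters"].append(found.group("name"))
        found = SKIPPED_JAIL.search(msg)
        if found:
            entry["skipped_jails"].append(found.group("name"))
        found = FATAL.search(msg)
        if found:
            entry["fatal_reason"] = found.group("reason").strip()
            jail = NO_LOGFILE.search(entry["fatal_reason"])
            entry["fatal_jail"] = jail.group("name") if jail else None
    return list(attempts.values())


def summarize(entry):
    """One line per attempt: what stopped the service, and what was only skipped."""
    skipped = ", ".join(entry["skipped_jails"]) or "none"
    if entry["fatal_reason"] is None:
        return "pid %d: no fatal configuration error (skipped jails: %s)" % (
            entry["pid"], skipped)
    culprit = entry["fatal_jail"] or "unknown jail"
    return "pid %d: startup aborted by %s (%s); skipped without aborting: %s" % (
        entry["pid"], culprit, entry["fatal_reason"], skipped)


if __name__ == "__main__":
    for attempt in triage(SAMPLE_JOURNAL):
        print(summarize(attempt))
```

On this excerpt every attempt is stopped by the selinux-ssh jail, while sshd-ddos and postfix-rbl are only skipped, so the jail definitions that enable selinux-ssh are the first place to look.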

Then you should look at what the manual modifications are with yunohost tools regen-conf ssh --dry-run --with-diff and possibly let YunoHost overwrite the conf with yunohost tools regen-conf ssh --force

yunohost tools regen-conf ssh --dry-run --with-diff
Warning: The configuration file '/etc/ssh/sshd_config' has been manually modified and will not be updated
ssh: 
  applied: 
  pending: 
    /etc/ssh/sshd_config: 
      diff: @@ -10,9 +10,9 @@
 ListenAddress 0.0.0.0
 
 
-# HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
-# HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
 
 # ##############################################
 # Stuff recommended by Mozilla "modern" compat'
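Review bot: The two "+HostKey" lines for the ECDSA and RSA keys are on the pending side, so forcing the regen would make sshd offer those host keys again next to ed25519; if they were commented out on purpose, record that before overwriting. This hunk starts at line 10 and no hunk in this output contains a Port line, so it is worth re-running the dry run right after "yunohost settings set security.ssh.port" and checking that the port change shows up in the diff.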
@@ -22,9 +22,9 @@
 
   # By default use "modern" Mozilla configuration
   # Keys, ciphers and MACS
-  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
-  Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
+  KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 
 
 # LogLevel VERBOSE logs user's key fingerprint on login.
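Review bot: On the + side the MACs line gains the non-ETM entries hmac-sha2-512, hmac-sha2-256 and umac-128@openssh.com, KexAlgorithms gains the three ecdh-sha2-nistp* entries and Ciphers gains chacha20-poly1305@openssh.com, so forcing the regen widens what sshd negotiates compared with the lists on the - side. If the shorter lists are the intended policy, keep a copy of these three lines before overwriting the file.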
@@ -99,12 +99,12 @@
     AllowStreamLocalForwarding no
     PermitTunnel no
     PermitUserRC no
-    PasswordAuthentication no
+    PasswordAuthentication yes
 
 # root login is allowed on local networks
 # It's meant to be a backup solution in case LDAP is down and
 # user admin can't be used...
 # If the server is a VPS, it's expected that the owner of the
 # server has access to a web console through which to log in.
-# Match Address 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,169.254.0.0/16,fe80::/10,fd00::/8
-#    PermitRootLogin yes
+Match Address 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,169.254.0.0/16,fe80::/10,fd00::/8
+    PermitRootLogin yes
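Review bot: The indented "PasswordAuthentication" line sits with AllowStreamLocalForwarding, PermitTunnel and PermitUserRC, which looks like the body of a Match block whose header is outside this hunk, so check which users it applies to before accepting the + side's "yes" over the current "no". The same hunk also uncomments "Match Address ..." with "PermitRootLogin yes" for private and link-local ranges; the comment in the hunk itself says a VPS owner is expected to have a web console, so decide explicitly whether that block should come back.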
      status: modified

Are there any problematic portions? I made some changes for security reasons.

Thanks for your attention.

It’s up to you, you made the changes, hence you are the one who’s supposed to know what you want to keep or not …

The SSH service runs and the check shows it’s good.
But the Fail2ban service does not run, regardless of the SSH service. I’m trying to set a long ban time and add a /etc/fail2ban/jail.d/default.local file with the following content:
[DEFAULT]
bantime = 864000
findtime = 86400
maxretry = 4
