Fail2ban and ssh login attempt

My YunoHost server

Hardware: VPS bought online
YunoHost version: 11.2.9.1 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi,
My system send regular messages as follows;

The automatic diagnosis on your YunoHost server identified some issues on your server. You will find a description of the issues below. You can manage those issues in the ‘Diagnosis’ section in your webadmin.


=================================
Base system (basesystem)

[WARNING] There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in Security | Yunohost Documentation.

Diagnosis reports same issue.

Fail2ban service logs → hastebin


Save New Duplicate & Edit Just Text Twitter
LOGFILE: journalctl
-- Journal begins at Thu 2023-10-05 00:00:05 CEST, ends at Sat 2024-02-10 09:35:43 CET. --
Feb 10 09:17:19 fail2ban-server[28682]:     self.__flushBan(stop=True)
Feb 10 09:17:19 fail2ban-server[28682]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 666, in __flushBan
Feb 10 09:17:19 fail2ban-server[28682]:     action.consistencyCheck(_beforeRepair)
Feb 10 09:17:19 fail2ban-server[28682]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 690, in consistencyCheck
Feb 10 09:17:19 fail2ban-server[28682]:     if started and not self._invariantCheck(family, beforeRepair):
Feb 10 09:17:19 fail2ban-server[28682]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 916, in _invariantCheck
Feb 10 09:17:19 fail2ban-server[28682]:     if beforeRepair and not beforeRepair():
Feb 10 09:17:19 fail2ban-server[28682]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 663, in _beforeRepair
Feb 10 09:17:19 fail2ban-server[28682]:     self._logSys.error("Invariant check failed. Flush is impossible.")
Feb 10 09:17:19 fail2ban-server[28682]: AttributeError: 'Actions' object has no attribute '_logSys'
Feb 10 09:17:20 fail2ban-client[29215]: Shutdown successful
Feb 10 09:17:20 systemd[1]: fail2ban.service: Succeeded.
Feb 10 09:17:20 systemd[1]: Stopped Fail2Ban Service.
Feb 10 09:17:20 systemd[1]: fail2ban.service: Consumed 1.883s CPU time.
Feb 10 09:17:20 systemd[1]: Starting Fail2Ban Service...
Feb 10 09:17:20 systemd[1]: Started Fail2Ban Service.
Feb 10 09:17:20 fail2ban-server[29222]: Server ready
Feb 10 09:18:35 systemd[1]: Reloading Fail2Ban Service.
Feb 10 09:18:35 fail2ban-client[29420]: OK
Feb 10 09:18:35 systemd[1]: Reloaded Fail2Ban Service.
Feb 10 09:18:36 systemd[1]: Stopping Fail2Ban Service...
Feb 10 09:18:37 fail2ban-server[29222]: Traceback (most recent call last):
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 653, in __flushBan
Feb 10 09:18:37 fail2ban-server[29222]:     if action.flush():
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 637, in flush
Feb 10 09:18:37 fail2ban-server[29222]:     return self._executeOperation('<actionflush>', 'flushing', family=family, afterExec=_afterFlush)
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 476, in _executeOperation
Feb 10 09:18:37 fail2ban-server[29222]:     raise RuntimeError("Error %s action %s/%s: %r" % (operation, self._jail, self._name, err))
Feb 10 09:18:37 fail2ban-server[29222]: RuntimeError: Error flushing action Jail('recidive')/iptables-allports: 'Script error'
Feb 10 09:18:37 fail2ban-server[29222]: During handling of the above exception, another exception occurred:
Feb 10 09:18:37 fail2ban-server[29222]: Traceback (most recent call last):
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/jailthread.py", line 69, in run_with_except_hook
Feb 10 09:18:37 fail2ban-server[29222]:     run(*args, **kwargs)
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 368, in run
Feb 10 09:18:37 fail2ban-server[29222]:     self.__flushBan(stop=True)
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 666, in __flushBan
Feb 10 09:18:37 fail2ban-server[29222]:     action.consistencyCheck(_beforeRepair)
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 690, in consistencyCheck
Feb 10 09:18:37 fail2ban-server[29222]:     if started and not self._invariantCheck(family, beforeRepair):
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 916, in _invariantCheck
Feb 10 09:18:37 fail2ban-server[29222]:     if beforeRepair and not beforeRepair():
Feb 10 09:18:37 fail2ban-server[29222]:   File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 663, in _beforeRepair
Feb 10 09:18:37 fail2ban-server[29222]:     self._logSys.error("Invariant check failed. Flush is impossible.")
Feb 10 09:18:37 fail2ban-server[29222]: AttributeError: 'Actions' object has no attribute '_logSys'
Feb 10 09:18:37 fail2ban-client[29513]: Shutdown successful
Feb 10 09:18:37 systemd[1]: fail2ban.service: Succeeded.
Feb 10 09:18:37 systemd[1]: Stopped Fail2Ban Service.
Feb 10 09:18:37 systemd[1]: Starting Fail2Ban Service...
Feb 10 09:18:37 systemd[1]: Started Fail2Ban Service.
Feb 10 09:18:38 fail2ban-server[29520]: Server ready

LOGFILE: /var/log/fail2ban.log
2024-02-10 09:34:15,120 fail2ban.filter         [29520]: INFO    [sshd] Found 138.197.31.240 - 2024-02-10 09:34:15
2024-02-10 09:34:15,125 fail2ban.filter         [29520]: INFO    [pam-generic] Found 138.197.31.240 - 2024-02-10 09:34:15
2024-02-10 09:34:15,589 fail2ban.filter         [29520]: INFO    [sshd] Found 109.123.239.236 - 2024-02-10 09:34:15
2024-02-10 09:34:15,593 fail2ban.filter         [29520]: INFO    [pam-generic] Found 109.123.239.236 - 2024-02-10 09:34:15
2024-02-10 09:34:17,198 fail2ban.filter         [29520]: INFO    [sshd] Found 138.197.31.240 - 2024-02-10 09:34:16
2024-02-10 09:34:17,438 fail2ban.filter         [29520]: INFO    [sshd] Found 109.123.239.236 - 2024-02-10 09:34:17
2024-02-10 09:34:24,824 fail2ban.filter         [29520]: INFO    [sshd] Found 35.186.145.141 - 2024-02-10 09:34:24
2024-02-10 09:34:24,830 fail2ban.filter         [29520]: INFO    [pam-generic] Found 35.186.145.141 - 2024-02-10 09:34:24
2024-02-10 09:34:26,911 fail2ban.filter         [29520]: INFO    [sshd] Found 35.186.145.141 - 2024-02-10 09:34:26
2024-02-10 09:34:29,215 fail2ban.filter         [29520]: INFO    [pam-generic] Found 185.45.212.231 - 2024-02-10 09:34:29
2024-02-10 09:34:29,216 fail2ban.filter         [29520]: INFO    [sshd] Found 185.45.212.231 - 2024-02-10 09:34:28
2024-02-10 09:34:30,621 fail2ban.filter         [29520]: INFO    [pam-generic] Found 185.74.4.20 - 2024-02-10 09:34:30
2024-02-10 09:34:30,622 fail2ban.filter         [29520]: INFO    [sshd] Found 185.74.4.20 - 2024-02-10 09:34:30
2024-02-10 09:34:30,626 fail2ban.filter         [29520]: INFO    [sshd] Found 185.45.212.231 - 2024-02-10 09:34:30
2024-02-10 09:34:32,352 fail2ban.filter         [29520]: INFO    [sshd] Found 185.74.4.20 - 2024-02-10 09:34:32
2024-02-10 09:34:46,789 fail2ban.filter         [29520]: INFO    [pam-generic] Found 129.204.224.239 - 2024-02-10 09:34:46
2024-02-10 09:34:46,791 fail2ban.filter         [29520]: INFO    [sshd] Found 129.204.224.239 - 2024-02-10 09:34:46
2024-02-10 09:34:46,934 fail2ban.filter         [29520]: INFO    [sshd] Found 43.134.119.233 - 2024-02-10 09:34:46
2024-02-10 09:34:46,937 fail2ban.filter         [29520]: INFO    [pam-generic] Found 43.134.119.233 - 2024-02-10 09:34:46
2024-02-10 09:34:48,078 fail2ban.filter         [29520]: INFO    [sshd] Found 129.204.224.239 - 2024-02-10 09:34:48
2024-02-10 09:34:48,369 fail2ban.filter         [29520]: INFO    [sshd] Found 43.134.119.233 - 2024-02-10 09:34:48
2024-02-10 09:34:48,534 fail2ban.actions        [29520]: NOTICE  [sshd] Ban 129.204.224.239
2024-02-10 09:34:48,541 fail2ban.filter         [29520]: INFO    [recidive] Found 129.204.224.239 - 2024-02-10 09:34:48
2024-02-10 09:34:52,276 fail2ban.filter         [29520]: INFO    [sshd] Found 59.89.163.65 - 2024-02-10 09:34:52
2024-02-10 09:34:52,278 fail2ban.filter         [29520]: INFO    [pam-generic] Found 59.89.163.65 - 2024-02-10 09:34:52
2024-02-10 09:34:52,626 fail2ban.filter         [29520]: INFO    [sshd] Found 43.134.25.163 - 2024-02-10 09:34:52
2024-02-10 09:34:52,628 fail2ban.filter         [29520]: INFO    [pam-generic] Found 43.134.25.163 - 2024-02-10 09:34:52
2024-02-10 09:34:53,476 fail2ban.filter         [29520]: INFO    [sshd] Found 59.89.163.65 - 2024-02-10 09:34:53
2024-02-10 09:34:53,887 fail2ban.filter         [29520]: INFO    [sshd] Found 43.134.25.163 - 2024-02-10 09:34:53
2024-02-10 09:34:55,955 fail2ban.filter         [29520]: INFO    [sshd] Found 43.135.177.244 - 2024-02-10 09:34:55
2024-02-10 09:34:55,957 fail2ban.filter         [29520]: INFO    [pam-generic] Found 43.135.177.244 - 2024-02-10 09:34:55
2024-02-10 09:34:57,162 fail2ban.actions        [29520]: NOTICE  [sshd] Unban 103.123.63.250
2024-02-10 09:34:58,663 fail2ban.filter         [29520]: INFO    [sshd] Found 43.135.177.244 - 2024-02-10 09:34:58
2024-02-10 09:35:06,707 fail2ban.filter         [29520]: INFO    [pam-generic] Found 138.197.31.240 - 2024-02-10 09:35:06
2024-02-10 09:35:06,709 fail2ban.filter         [29520]: INFO    [sshd] Found 138.197.31.240 - 2024-02-10 09:35:06
2024-02-10 09:35:09,413 fail2ban.filter         [29520]: INFO    [sshd] Found 138.197.31.240 - 2024-02-10 09:35:09
2024-02-10 09:35:17,834 fail2ban.filter         [29520]: INFO    [sshd] Found 109.123.239.236 - 2024-02-10 09:35:17
2024-02-10 09:35:17,836 fail2ban.filter         [29520]: INFO    [pam-generic] Found 109.123.239.236 - 2024-02-10 09:35:17
2024-02-10 09:35:19,122 fail2ban.filter         [29520]: INFO    [sshd] Found 35.186.145.141 - 2024-02-10 09:35:19
2024-02-10 09:35:19,125 fail2ban.filter         [29520]: INFO    [pam-generic] Found 35.186.145.141 - 2024-02-10 09:35:19
2024-02-10 09:35:19,525 fail2ban.filter         [29520]: INFO    [sshd] Found 109.123.239.236 - 2024-02-10 09:35:19
2024-02-10 09:35:21,474 fail2ban.filter         [29520]: INFO    [sshd] Found 35.186.145.141 - 2024-02-10 09:35:21
2024-02-10 09:35:29,048 fail2ban.filter         [29520]: INFO    [sshd] Found 185.74.4.20 - 2024-02-10 09:35:29
2024-02-10 09:35:29,051 fail2ban.filter         [29520]: INFO    [pam-generic] Found 185.74.4.20 - 2024-02-10 09:35:29
2024-02-10 09:35:31,756 fail2ban.filter         [29520]: INFO    [sshd] Found 185.74.4.20 - 2024-02-10 09:35:31
2024-02-10 09:35:32,562 fail2ban.filter         [29520]: INFO    [sshd] Found 185.45.212.231 - 2024-02-10 09:35:32
2024-02-10 09:35:32,566 fail2ban.filter         [29520]: INFO    [pam-generic] Found 185.45.212.231 - 2024-02-10 09:35:32
2024-02-10 09:35:34,983 fail2ban.filter         [29520]: INFO    [sshd] Found 185.45.212.231 - 2024-02-10 09:35:34
2024-02-10 09:35:35,223 fail2ban.actions        [29520]: NOTICE  [sshd] Ban 185.45.212.231
2024-02-10 09:35:35,271 fail2ban.filter         [29520]: INFO    [recidive] Found 185.45.212.231 - 2024-02-10 09:35:35

When I try to change ssh port number everything looks like good but old port persist. I tried to change both cli and via webadmin but failed.

What is my sytem’s problem. How can solve it?
Thanks for your attention.

PS: I have another same two instances on different servers run as expected.

What do you mean, “the old port persist”

cat /etc/ssh/sshd_config | grep Port
Port 22

sudo yunohost settings set security.ssh.port -v 2222
[sudo] password for admin:
Info: Saving the new configuration…
Warning: The configuration file ‘/etc/ssh/sshd_config’ has been manually modified and will not be updated
Success! Configuration updated for ‘fail2ban’
Success! Firewall reloaded
Success! Config updated as expected

cat /etc/ssh/sshd_config | grep Port
Port 22

But web-api shows

And ssh fails for 2222 but connect with 22.

I have a new problem. Fail2ban does not start.


LOGFILE: journalctl
-- Journal begins at Sat 2023-10-07 00:00:04 CEST, ends at Sun 2024-02-11 19:37:32 CET. --
Feb 11 18:54:52 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 18:54:52 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 11 18:56:50 systemd[1]: Starting Fail2Ban Service...
Feb 11 18:56:50 systemd[1]: Started Fail2Ban Service.
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.configreader   [1537]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.jailreader     [1537]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,150 fail2ban.jailsreader    [1537]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.configreader   [1537]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.jailreader     [1537]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,222 fail2ban.jailsreader    [1537]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,303 fail2ban                [1537]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 18:56:50 fail2ban-server[1537]: 2024-02-11 18:56:50,310 fail2ban                [1537]: ERROR   Async configuration of server failed
Feb 11 18:56:50 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 18:56:50 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 11 19:11:24 systemd[1]: Starting Fail2Ban Service...
Feb 11 19:11:24 systemd[1]: Started Fail2Ban Service.
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,024 fail2ban.configreader   [2921]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,025 fail2ban.jailreader     [2921]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,025 fail2ban.jailsreader    [2921]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,093 fail2ban.configreader   [2921]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,093 fail2ban.jailreader     [2921]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,093 fail2ban.jailsreader    [2921]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,166 fail2ban                [2921]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 19:11:25 fail2ban-server[2921]: 2024-02-11 19:11:25,183 fail2ban                [2921]: ERROR   Async configuration of server failed
Feb 11 19:11:25 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 19:11:25 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 11 19:12:11 systemd[1]: Starting Fail2Ban Service...
Feb 11 19:12:11 systemd[1]: Started Fail2Ban Service.
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,918 fail2ban.configreader   [2992]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,918 fail2ban.jailreader     [2992]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,919 fail2ban.jailsreader    [2992]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,987 fail2ban.configreader   [2992]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,987 fail2ban.jailreader     [2992]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 19:12:11 fail2ban-server[2992]: 2024-02-11 19:12:11,988 fail2ban.jailsreader    [2992]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 19:12:12 fail2ban-server[2992]: 2024-02-11 19:12:12,061 fail2ban                [2992]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 19:12:12 fail2ban-server[2992]: 2024-02-11 19:12:12,077 fail2ban                [2992]: ERROR   Async configuration of server failed
Feb 11 19:12:12 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 19:12:12 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 11 19:30:44 systemd[1]: Starting Fail2Ban Service...
Feb 11 19:30:44 systemd[1]: Started Fail2Ban Service.
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,535 fail2ban.configreader   [3163]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,536 fail2ban.jailreader     [3163]: ERROR   Unable to read the filter 'sshd-ddos'
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,536 fail2ban.jailsreader    [3163]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,607 fail2ban.configreader   [3163]: ERROR   Found no accessible config files for 'filter.d/postfix-rbl' under /etc/fail2ban
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,608 fail2ban.jailreader     [3163]: ERROR   Unable to read the filter 'postfix-rbl'
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,608 fail2ban.jailsreader    [3163]: ERROR   Errors in jail 'postfix-rbl'. Skipping...
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,685 fail2ban                [3163]: ERROR   Failed during configuration: Have not found any log file for selinux-ssh jail
Feb 11 19:30:44 fail2ban-server[3163]: 2024-02-11 19:30:44,704 fail2ban                [3163]: ERROR   Async configuration of server failed
Feb 11 19:30:44 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 11 19:30:44 systemd[1]: fail2ban.service: Failed with result 'exit-code'.

LOGFILE: /var/log/fail2ban.log
2024-02-11 18:31:40,741 fail2ban.jail           [91971]: INFO    Jail 'sshd' started
2024-02-11 18:31:40,743 fail2ban.jail           [91971]: INFO    Jail 'nginx-http-auth' started
2024-02-11 18:31:40,747 fail2ban.jail           [91971]: INFO    Jail 'postfix' started
2024-02-11 18:31:40,748 fail2ban.jail           [91971]: INFO    Jail 'dovecot' started
2024-02-11 18:31:40,759 fail2ban.jail           [91971]: INFO    Jail 'recidive' started
2024-02-11 18:31:40,761 fail2ban.jail           [91971]: INFO    Jail 'pam-generic' started
2024-02-11 18:31:40,766 fail2ban.jail           [91971]: INFO    Jail 'gitea' started
2024-02-11 18:31:40,767 fail2ban.jail           [91971]: INFO    Jail 'sasl' started
2024-02-11 18:31:40,769 fail2ban.jail           [91971]: INFO    Jail 'yunohost' started
2024-02-11 18:47:09,928 fail2ban.server         [91971]: INFO    Shutdown in progress...
2024-02-11 18:47:09,929 fail2ban.observer       [91971]: INFO    Observer stop ... try to end queue 5 seconds
2024-02-11 18:47:09,949 fail2ban.observer       [91971]: INFO    Observer stopped, 0 events remaining.
2024-02-11 18:47:09,990 fail2ban.server         [91971]: INFO    Stopping all jails
2024-02-11 18:47:09,991 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/auth.log'
2024-02-11 18:47:09,992 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/error.log'
2024-02-11 18:47:09,993 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-error.log'
2024-02-11 18:47:09,994 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-error.log'
2024-02-11 18:47:09,995 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,996 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,996 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/fail2ban.log'
2024-02-11 18:47:09,997 fail2ban.filter         [91971]: ERROR   Unable to get failures in /var/log/fail2ban.log
2024-02-11 18:47:09,997 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/auth.log'
2024-02-11 18:47:09,998 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/gitea/gitea.log'
2024-02-11 18:47:09,998 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-access.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-access.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/access.log'
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [postfix] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [recidive] Flush ticket(s) with iptables-allports
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [dovecot] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,087 fail2ban.actions        [91971]: NOTICE  [nginx-http-auth] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [yunohost] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [gitea] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [pam-generic] Flush ticket(s) with iptables-allports
2024-02-11 18:47:10,087 fail2ban.actions        [91971]: NOTICE  [sasl] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,261 fail2ban.actions        [91971]: NOTICE  [sshd] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:11,216 fail2ban.jail           [91971]: INFO    Jail 'sshd' stopped
2024-02-11 18:47:11,216 fail2ban.jail           [91971]: INFO    Jail 'nginx-http-auth' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'postfix' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'dovecot' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'recidive' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'pam-generic' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'gitea' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'sasl' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'yunohost' stopped
2024-02-11 18:47:11,218 fail2ban.database       [91971]: INFO    Connection to database closed.
2024-02-11 18:47:11,218 fail2ban.server         [91971]: INFO    Exiting Fail2ban
2024-02-11 18:31:40,741 fail2ban.jail           [91971]: INFO    Jail 'sshd' started
2024-02-11 18:31:40,743 fail2ban.jail           [91971]: INFO    Jail 'nginx-http-auth' started
2024-02-11 18:31:40,747 fail2ban.jail           [91971]: INFO    Jail 'postfix' started
2024-02-11 18:31:40,748 fail2ban.jail           [91971]: INFO    Jail 'dovecot' started
2024-02-11 18:31:40,759 fail2ban.jail           [91971]: INFO    Jail 'recidive' started
2024-02-11 18:31:40,761 fail2ban.jail           [91971]: INFO    Jail 'pam-generic' started
2024-02-11 18:31:40,766 fail2ban.jail           [91971]: INFO    Jail 'gitea' started
2024-02-11 18:31:40,767 fail2ban.jail           [91971]: INFO    Jail 'sasl' started
2024-02-11 18:31:40,769 fail2ban.jail           [91971]: INFO    Jail 'yunohost' started
2024-02-11 18:47:09,928 fail2ban.server         [91971]: INFO    Shutdown in progress...
2024-02-11 18:47:09,929 fail2ban.observer       [91971]: INFO    Observer stop ... try to end queue 5 seconds
2024-02-11 18:47:09,949 fail2ban.observer       [91971]: INFO    Observer stopped, 0 events remaining.
2024-02-11 18:47:09,990 fail2ban.server         [91971]: INFO    Stopping all jails
2024-02-11 18:47:09,991 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/auth.log'
2024-02-11 18:47:09,992 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/error.log'
2024-02-11 18:47:09,993 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-error.log'
2024-02-11 18:47:09,994 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-error.log'
2024-02-11 18:47:09,995 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,996 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,996 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/fail2ban.log'
2024-02-11 18:47:09,997 fail2ban.filter         [91971]: ERROR   Unable to get failures in /var/log/fail2ban.log
2024-02-11 18:47:09,997 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/auth.log'
2024-02-11 18:47:09,998 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/gitea/gitea.log'
2024-02-11 18:47:09,998 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/mail.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-error.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/heartsapiens.art-access.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/xmpp-upload.heartsapiens.art-access.log'
2024-02-11 18:47:09,999 fail2ban.filter         [91971]: INFO    Removed logfile: '/var/log/nginx/access.log'
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [postfix] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [recidive] Flush ticket(s) with iptables-allports
2024-02-11 18:47:10,086 fail2ban.actions        [91971]: NOTICE  [dovecot] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,087 fail2ban.actions        [91971]: NOTICE  [nginx-http-auth] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [yunohost] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [gitea] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,088 fail2ban.actions        [91971]: NOTICE  [pam-generic] Flush ticket(s) with iptables-allports
2024-02-11 18:47:10,087 fail2ban.actions        [91971]: NOTICE  [sasl] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:10,261 fail2ban.actions        [91971]: NOTICE  [sshd] Flush ticket(s) with iptables-multiport
2024-02-11 18:47:11,216 fail2ban.jail           [91971]: INFO    Jail 'sshd' stopped
2024-02-11 18:47:11,216 fail2ban.jail           [91971]: INFO    Jail 'nginx-http-auth' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'postfix' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'dovecot' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'recidive' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'pam-generic' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'gitea' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'sasl' stopped
2024-02-11 18:47:11,217 fail2ban.jail           [91971]: INFO    Jail 'yunohost' stopped
2024-02-11 18:47:11,218 fail2ban.database       [91971]: INFO    Connection to database closed.
2024-02-11 18:47:11,218 fail2ban.server         [91971]: INFO    Exiting Fail2ban

Then you should look at what are the manual modification with yunohost tools regen-conf ssh --dry-run --with-diff and possibly let yunohost overwrite the conf with yunohost tools regen-conf ssh --force

yunohost tools regen-conf ssh --dry-run --with-diff
Warning: The configuration file '/etc/ssh/sshd_config' has been manually modified and will not be updated
ssh: 
  applied: 
  pending: 
    /etc/ssh/sshd_config: 
      diff: @@ -10,9 +10,9 @@
 ListenAddress 0.0.0.0
 
 
-# HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
-# HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
 
 # ##############################################
 # Stuff recommended by Mozilla "modern" compat'
@@ -22,9 +22,9 @@
 
   # By default use "modern" Mozilla configuration
   # Keys, ciphers and MACS
-  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
-  Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
+  KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 
 
 # LogLevel VERBOSE logs user's key fingerprint on login.
@@ -99,12 +99,12 @@
     AllowStreamLocalForwarding no
     PermitTunnel no
     PermitUserRC no
-    PasswordAuthentication no
+    PasswordAuthentication yes
 
 # root login is allowed on local networks
 # It's meant to be a backup solution in case LDAP is down and
 # user admin can't be used...
 # If the server is a VPS, it's expected that the owner of the
 # server has access to a web console through which to log in.
-# Match Address 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,169.254.0.0/16,fe80::/10,fd00::/8
-#    PermitRootLogin yes
+Match Address 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,169.254.0.0/16,fe80::/10,fd00::/8
+    PermitRootLogin yes
      status: modified

Are there any problematic portions? I made some changes for security reason.

Thanks for your attention.

It’s up to you, you made then changes, hence you are the one who’s supposed to know what you want to keep or not …

SSH service runs and control shows it’s good.
But Fail2ban service does not run regardless of SSH service. I’m trying to set long ban time and add a /etc/fail2ban/jail.d/default.local file with content of;
[DEFAULT]
bantime = 864000
findtime = 86400
maxretry = 4