High number of authentication failures recently


I have been getting this message from Automatic Diagnosis for a few days now:

[WARNING] There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in Security | Yunohost Documentation.

I have not changed anything manually.
How can I go troubleshooting?

My YunoHost server

Hardware: VPS bought online
YunoHost version:
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

A robot try to brute force the ssh connexion on your server, don’t fear it’s very common. If you have a good password (at least 12 chars) and fail2ban activated you are safe

You can change the port number for ssh:

yunohost settings set security.ssh.port -v 2222

After that don’t close your console and try with an other one to log in ssh with the port 2222. If itworks you can close all console

Since a couple of weeks now(yunohost 4.3?) i get the same warning. When I look at the logs it seems to be true.

When I follow the advise for passwordless ssh with certificate concerning security in yunohost documentation I have to change the “PasswordAuthentication” from yes to no.

This action solves the problem with too many authentication failures.
But next day I get the warning-message, that the sshd_config was changed and there could be problems in the future when updates would not touch the sshd_config.

What to do? I set the last warning to ignore, but I have no good feeling that way.

I just create a Pull Request to allow you to do, instead of manually modified ssh configuration:

yunohost settings set security.ssh.password_authentication -v no

Error after: yunohost settings set security.ssh.password_authentication -v no

Der Schlüssel’security.ssh.password_authentication’ existiert nicht in den globalen Einstellungen, du kannst alle verfügbaren Schlüssel sehen, indem du ‘yunohost settings list’ ausführst


Pull request means you need to wait the next yunohost version… This new code is not yet “merged” with the testing or stable version.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.