Hardware: Olimex Lime 2
YunoHost version: 11.1.7
I have access to my server: Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: my SSH port is already different from the default one.
Description of my issue
Hi, since February 17th, I got a warning from the diagnosis tool :
[WARNING] There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in Security | Yunohost Documentation.
I don’t understand why, because I didn’t personally attempt to log in the days before this message. Fail2ban is working and I got nothing suspicious in the logs (hastebin). Still I restarted it. My SSH port is already custom. I did nothing before this happened.
Does anyone have an idea of what is wrong or how to investigate it?
I’m not sure because I did it a long time ago when I installed the server, but I think I directly edited the sshd_config file. By the way, this raises another alert from the diagnosis tool, but it has done so since the beginning, so I silenced it.
The web admin prompts the correct custom port. In the firewall, the 22 port is closed, and my custom ssh port is open.
How can I check which ports are protected by fail2ban ?
I still haven’t solved the problem. I tried to change the SSH port from the webadmin but made no progress. Does anyone have another idea? What should I check?
Interestingly, the command returns nothing.
When I do : iptables-save only
I got several lines with my open ports, including the one for ssh, but there is no “f2b-sshd” at the end : -A INPUT -p tcp -m tcp --dport MYSSHPORT -j ACCEPT
Could it be a symptom of the real issue ?
I remember a long time ago having a problem with being banned myself from my SSH port (but it was at least 2 versions of Debian ago) and I may have changed the configuration of fail2ban so as to regain access. I don’t know if this is a lead towards the problem?
And yunohost service status yunohost-firewall fail2ban returns :
fail2ban:
  configuration: valid
  description: Protects against brute-force and other kinds of attacks from the Internet
  last_state_change: 2023-03-04 12:15:20
  start_on_boot: enabled
  status: running
yunohost-firewall:
  configuration: unknown
  description: Manages open and close connection ports to services
  last_state_change: 2023-02-12 23:15:05
  start_on_boot: enabled
  status: running
I already restarted my server several times…
By reading your own topic, I looked into my jail.d, and I found a “my_ssh_port.conf” file, I think I remember I created it after I got my own IP banned. The file contains :
[sshd]
port = MYSSHPORT
ignoreip = 192.168.0.17 (<- it is my PC local IP)
[sshd-ddos]
port = MYSSHPORT
So it may be a duplicate of the yunohost-jails.conf file, but nothing contradictory.
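The check discussed in this thread (looking in the `iptables-save` output for a jump to an `f2b-sshd` chain on the custom SSH port), written out as an added example that is not part of the original posts. It assumes the rule layout produced by fail2ban's iptables-multiport action; both rulesets are constructed, `2222` stands in for MYSSHPORT, and the function name is hypothetical.

```shell
#!/bin/sh
# Constructed iptables-save excerpts; 2222 stands in for MYSSHPORT.
# State described in the thread: the port is accepted, no f2b chain exists.
RULES_WITHOUT_F2B='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
COMMIT'

# Same ruleset with the chain and jump that a jail named sshd adds for that port.
RULES_WITH_F2B='*filter
:INPUT DROP [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 2222 -j f2b-sshd
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A f2b-sshd -j RETURN
COMMIT'

# f2b_chain_for_port PORT (hypothetical helper): reads iptables-save output on
# stdin, prints each f2b-* chain that INPUT jumps to for PORT, and returns 1
# when no such jump exists.
f2b_chain_for_port() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            target = ""; ports = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            }
            if (target !~ /^f2b-/) next
            if (ports == "") { print target; found = 1; next }  # no port match: all ports
            n = split(ports, list, ",")
            for (k = 1; k <= n; k++) {
                m = split(list[k], r, ":")          # a range is written lo:hi
                lo = r[1]; hi = (m == 2) ? r[2] : r[1]
                if (lo ~ /^[0-9]+$/ && port + 0 >= lo + 0 && port + 0 <= hi + 0) {
                    print target; found = 1; break
                }
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

for rules in "$RULES_WITHOUT_F2B" "$RULES_WITH_F2B"; do
    printf '%s\n' "$rules" | f2b_chain_for_port 2222 || echo "no f2b chain covers port 2222"
done
```

On a live server the same function can be fed the real ruleset with `iptables-save | f2b_chain_for_port <port>`, run as root.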