fail2ban has banned my IP but I can still login using SSH
I did a fresh new install of fail2ban on a Debian 9.8.

I copied /etc/fail2ban/jail.conf as jail.local.

And in my jail.local I added enabled=true under [ssh].

Tailing fail2ban's log, I can see what happens when I try to log in to SSH using a wrong username/password pair:

    2019-03-13 17:03:55,751 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:03:55,753 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:03:57,534 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:04:00,630 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:04:00,633 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:04:00,635 fail2ban.actions [3328]: NOTICE [sshd] Ban 192.168.229.1

I supposed it was OK, but I can still try to log in. I got

    2019-03-13 17:07:59,245 fail2ban.actions [3328]: NOTICE [sshd] 192.168.229.1 already banned

And I see my IP in iptables

    sudo iptables-save | grep 192.
    -A f2b-sshd -s 192.168.229.1/32 -j REJECT --reject-with icmp-port-unreachable

So, why can I still try to log in? I can also, of course, do a successful login using the right name/pwd pair.

I am using port 26522 instead of the standard 22 for ssh. Must I specify it in some way?
fail2ban
asked Mar 13 at 16:10 by realtebo
1 Answer
The reason was the port.

In my jail.local, inside the section [sshd], I changed the port from

    port = ssh

to

    port = 26522

And reloaded

    sudo /etc/init.d/fail2ban reload

It worked immediately!
answered Mar 13 at 16:19 by realtebo
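Why the ban existed but did nothing, as an added example that is not part of the original posts: assuming the jail uses fail2ban's iptables-multiport action, the REJECT rule in f2b-sshd only sees traffic that the INPUT jump rule sends there, and with port = ssh that is port 22 only. The rule dump below is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed iptables-save excerpt (assumed iptables-multiport layout):
# the jump rule restricts the jail's chain to the ports set by "port =".
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 192.168.229.1/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT'
# The same rules after setting port = 26522 and reloading.
FIXED_RULES=$(printf '%s\n' "$SAMPLE_RULES" | sed 's/--dports 22 /--dports 26522 /')

# Print the port match of every rule that jumps to chain $1 (rules on
# stdin); print "all" when the jump carries no port restriction.
jump_ports() {
    awk -v chain="$1" '
        $1 == "-A" && $(NF-1) == "-j" && $NF == chain {
            ports = "all"
            for (i = 1; i < NF; i++)
                if ($i == "--dports" || $i == "--dport") ports = $(i+1)
            print ports
        }'
}

# Succeed if TCP port $2 is routed into chain $1. Handles comma lists
# and lo:hi ranges as iptables-save prints them.
chain_covers_port() {
    jump_ports "$1" | tr ',' '\n' | awk -v p="$2" '
        $0 == "all" { found = 1 }
        { n = split($0, r, ":"); lo = r[1]; hi = (n > 1 ? r[2] : r[1])
          if (p + 0 >= lo + 0 && p + 0 <= hi + 0) found = 1 }
        END { exit !found }'
}

# Demo with the port from the question. On a live host, feed it
# "iptables-save" and the port reported by "sshd -T" instead.
for rules in "$SAMPLE_RULES" "$FIXED_RULES"; do
    if printf '%s\n' "$rules" | chain_covers_port f2b-sshd 26522; then
        echo "port 26522 is filtered through f2b-sshd"
    else
        echo "port 26522 never reaches f2b-sshd: bans have no effect"
    fi
done
```
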