fail2ban has banned my Ip but I can still login using SSH2019 Community Moderator Electionfail2ban works fine on bad SSH attempts, but fails on bad Apache2 attemptsHow can I teach fail2ban to detect and block attacks from a whole subnet?Server login attempts NOT blocked after configuring fail2banfail2ban ip blocked, yet still login attemptsWhy fail2ban doesn't put some IP address in jailfail2ban is running but no fail2ban.log log file exists for itFail2ban: cannot change default chainFail2Ban fails to start on CentOS 7Fail2ban is started but am not seeing any activity on journalctlfail2ban keeps saying already banned but it didnt actually ban

Journal losing indexing services

How can Trident be so inexpensive? Will it orbit Triton or just do a (slow) flyby?

When quoting, must I also copy hyphens used to divide words that continue on the next line?

Why did the HMS Bounty go back to a time when whales are already rare?

why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`?

What is the gram­mat­i­cal term for “‑ed” words like these?

Varistor? Purpose and principle

getting the weights of intermediate layer in keras

A social experiment. What is the worst that can happen?

Is there a conventional notation or name for the slip angle?

Do Legal Documents Require Signing In Standard Pen Colors?

Can the Supreme Court overturn an impeachment?

Why did the EU agree to delay the Brexit deadline?

Can I use my Chinese passport to enter China after I acquired another citizenship?

Global amount of publications over time

Some numbers are more equivalent than others

Could the E-bike drivetrain wear down till needing replacement after 400 km?

Why has "pence" been used in this sentence, not "pences"?

Bob has never been a M before

anything or something to eat

Is there an efficient solution to the travelling salesman problem with binary edge weights?

Is camera lens focus an exact point or a range?

How do I nest cases?

Can I sign legal documents with a smiley face?



fail2ban has banned my Ip but I can still login using SSH



2019 Community Moderator Electionfail2ban works fine on bad SSH attempts, but fails on bad Apache2 attemptsHow can I teach fail2ban to detect and block attacks from a whole subnet?Server login attempts NOT blocked after configuring fail2banfail2ban ip blocked, yet still login attemptsWhy fail2ban doesn't put some IP address in jailfail2ban is running but no fail2ban.log log file exists for itFail2ban: cannot change default chainFail2Ban fails to start on CentOS 7Fail2ban is started but am not seeing any activity on journalctlfail2ban keeps saying already banned but it didnt actually ban










1















I done a fresh new install of fail2ban on a Debian 9.8



I copied /etc/fail2ban/jail.conf as jail.local.



And in my jail.local in added enabled=true under [ssh]



Tailing fail2ban's log I can see what happens when I try to login to SSH using a wrong username/password pair



2019-03-13 17:03:55,751 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
2019-03-13 17:03:55,753 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
2019-03-13 17:03:57,534 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
2019-03-13 17:04:00,630 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
2019-03-13 17:04:00,633 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
2019-03-13 17:04:00,635 fail2ban.actions [3328]: NOTICE [sshd] Ban 192.168.229.1


I supposed it was ok, but I can still try to login. I got



2019-03-13 17:07:59,245 fail2ban.actions [3328]: NOTICE [sshd] 192.168.229.1 already banned


And I see my Ip into iptables



 sudo iptables-save | grep 192.
-A f2b-sshd -s 192.168.229.1/32 -j REJECT --reject-with icmp-port-unreachable


So, why I can still try to login? I can also, of course, do a successful login using right name/pwd pair.



I am using the port 26522 instead of standard 22 for ssh. Must I precise it in someway?






fail2ban







share|improve this question


























    1















    I done a fresh new install of fail2ban on a Debian 9.8



    I copied /etc/fail2ban/jail.conf as jail.local.



    And in my jail.local in added enabled=true under [ssh]



    Tailing fail2ban's log I can see what happens when I try to login to SSH using a wrong username/password pair



    2019-03-13 17:03:55,751 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:03:55,753 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:03:57,534 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:04:00,630 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:04:00,633 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
    2019-03-13 17:04:00,635 fail2ban.actions [3328]: NOTICE [sshd] Ban 192.168.229.1


    I supposed it was ok, but I can still try to login. I got



    2019-03-13 17:07:59,245 fail2ban.actions [3328]: NOTICE [sshd] 192.168.229.1 already banned


    And I see my Ip into iptables



     sudo iptables-save | grep 192.
    -A f2b-sshd -s 192.168.229.1/32 -j REJECT --reject-with icmp-port-unreachable


    So, why I can still try to login? I can also, of course, do a successful login using right name/pwd pair.



    I am using the port 26522 instead of standard 22 for ssh. Must I precise it in someway?






    fail2ban







    share|improve this question
























      1












      1








      1








      I done a fresh new install of fail2ban on a Debian 9.8



      I copied /etc/fail2ban/jail.conf as jail.local.



      And in my jail.local in added enabled=true under [ssh]



      Tailing fail2ban's log I can see what happens when I try to login to SSH using a wrong username/password pair



      2019-03-13 17:03:55,751 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:03:55,753 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:03:57,534 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:04:00,630 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:04:00,633 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:04:00,635 fail2ban.actions [3328]: NOTICE [sshd] Ban 192.168.229.1


      I supposed it was ok, but I can still try to login. I got



      2019-03-13 17:07:59,245 fail2ban.actions [3328]: NOTICE [sshd] 192.168.229.1 already banned


      And I see my Ip into iptables



       sudo iptables-save | grep 192.
      -A f2b-sshd -s 192.168.229.1/32 -j REJECT --reject-with icmp-port-unreachable


      So, why I can still try to login? I can also, of course, do a successful login using right name/pwd pair.



      I am using the port 26522 instead of standard 22 for ssh. Must I precise it in someway?






      fail2ban







      share|improve this question














      I done a fresh new install of fail2ban on a Debian 9.8



      I copied /etc/fail2ban/jail.conf as jail.local.



      And in my jail.local in added enabled=true under [ssh]



      Tailing fail2ban's log I can see what happens when I try to login to SSH using a wrong username/password pair



      2019-03-13 17:03:55,751 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:03:55,753 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:03:57,534 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:04:00,630 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:04:00,633 fail2ban.filter [3328]: INFO [sshd] Found 192.168.229.1
      2019-03-13 17:04:00,635 fail2ban.actions [3328]: NOTICE [sshd] Ban 192.168.229.1


      I supposed it was ok, but I can still try to login. I got



      2019-03-13 17:07:59,245 fail2ban.actions [3328]: NOTICE [sshd] 192.168.229.1 already banned


      And I see my Ip into iptables



       sudo iptables-save | grep 192.
      -A f2b-sshd -s 192.168.229.1/32 -j REJECT --reject-with icmp-port-unreachable


      So, why I can still try to login? I can also, of course, do a successful login using right name/pwd pair.



      I am using the port 26522 instead of standard 22 for ssh. Must I precise it in someway?






      fail2ban




      fail2ban






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Mar 13 at 16:10









      realteborealtebo

      1286




      1286




















          1 Answer
          1






          active

          oldest

          votes


















          1















          The reason was the port.




          I changed into my jail.local, inside the section [sshd] the port



          port = ssh


          into 



          port = 26522


          And reloaded



          sudo /etc/init.d/fail2ban reload


          It worked immediately !






          share|improve this answer






















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506115%2ffail2ban-has-banned-my-ip-but-i-can-still-login-using-ssh%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1















            The reason was the port.




            I changed into my jail.local, inside the section [sshd] the port



            port = ssh


            into 



            port = 26522


            And reloaded



            sudo /etc/init.d/fail2ban reload


            It worked immediately !






            share|improve this answer



























              1















              The reason was the port.




              I changed into my jail.local, inside the section [sshd] the port



              port = ssh


              into 



              port = 26522


              And reloaded



              sudo /etc/init.d/fail2ban reload


              It worked immediately !






              share|improve this answer

























                1












                1








                1








                The reason was the port.




                I changed into my jail.local, inside the section [sshd] the port



                port = ssh


                into 



                port = 26522


                And reloaded



                sudo /etc/init.d/fail2ban reload


                It worked immediately !






                share|improve this answer














                The reason was the port.




                I changed into my jail.local, inside the section [sshd] the port



                port = ssh


                into 



                port = 26522


                And reloaded



                sudo /etc/init.d/fail2ban reload


                It worked immediately !







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Mar 13 at 16:19









                realteborealtebo

                1286




                1286



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506115%2ffail2ban-has-banned-my-ip-but-i-can-still-login-using-ssh%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -fail2ban
                    -

                    Popular posts from this blog

                    Creating 100m^2 grid automatically using QGIS?Creating grid constrained within polygon in QGIS?Createing polygon layer from point data using QGIS?Creating vector grid using QGIS?Creating grid polygons from coordinates using R or PythonCreating grid from spatio temporal point data?Creating fields in attributes table using other layers using QGISCreate .shp vector grid in QGISQGIS Creating 4km point grid within polygonsCreate a vector grid over a raster layerVector Grid Creates just one grid

                    Image
                    Pattern match does not work in bash script Mage Armor with Defense fighting style (for Adventurers League bladeslinger) LaTeX closing $ signs makes cursor jump String Manipulation Interpreter Can divisibility rules for digits be generalized to sum of digits I'm planning on buying a laser printer but concerned about the life cycle of toner in the machine What is the offset in a seaplane's hull? How can I make my BBEG immortal short of making them a Lich or Vampire? What are the differences between the usage of 'it' and 'they'? The use of multiple foreign keys on same column in SQL Server How did the USSR manage to innovate in an environment characterized by government censorship and high bureaucracy? Is it tax fraud for an individual to declare non-taxable revenue as taxable income? (US tax laws) Why Is Death Allowed In the Matrix? Minkowski space Why are 150k or 200k jobs considered good when there are 300k+ births a month? Why do f...
                    Read more

                    How to link a C library to an Assembly library on Mac with clangHow do you set, clear, and toggle a single bit?Find (and kill) process locking port 3000 on MacWho is listening on a given TCP port on Mac OS X?How to start PostgreSQL server on Mac OS X?Compile assembler in nasm on mac osHow do I install pip on macOS or OS X?AFNetworking 2.0 “_NSURLSessionTransferSizeUnknown” linking error on Mac OS X 10.8C++ code for testing the Collatz conjecture faster than hand-written assembly - why?How to link a NASM code and GCC in Mac OS X?How to run x86 .asm on macOS Sierra

                    Image
                    Is there enough fresh water in the world to eradicate the drinking water crisis? What is the term when two people sing in harmony, but they aren't singing the same notes? Is there a problem with hiding "forgot password" until it's needed? Why does this part of the Space Shuttle launch pad seem to be floating in air? Hostile work environment after whistle-blowing on coworker and our boss. What do I do? How to prevent YouTube from showing already watched videos? Is there an Impartial Brexit Deal comparison site? Would it be legal for a US State to ban exports of a natural resource? Can somebody explain Brexit in a few child-proof sentences? Latex for-and in equation Is a naturally all "male" species possible? Is there an wasy way to program in Tikz something like the one in the image? How to deal with or prevent idle in the test team? node command while defining a coordinate in TikZ Simulating a probability of 1 of 2^N with less tha...
                    Read more

                    Nikolai Prilezhaev Bibliography References External links Navigation menuEarly Russian Organic Chemists and Their Legacy092774english translationRussian Biography

                    19th-century chemists20th-century chemists1877 births1944 deathsRussian chemists RussianO.S.KopossevoNizhny NovgorodMoscoworganic chemistPrilezhaev ReactionepoxidesalkenesperoxyacidsUniversity of WarsawYegor Yegorovich VagnerGeorg WagnerSt. PetersburgPolytechnic in KievUniversity of MinskBelarusian Academy of SciencesAlexei Nikolaevich Bachname reactionSoviet Academy of Sciences Nikolai Alexandrovich Prilezhaev , Russian: Николай Александрович Прилежаев , (Born 15 [O.S. 1877] 27 [1] in Kopossevo near Nizhny Novgorod, died May 26, 1944 in Moscow) was a Russian organic chemist. The Prilezhaev Reaction between epoxides and alkenes to form peroxyacids is named after him. Prilezhaev was the son of a clergyman and studied chemistry at the Theological Seminary in Warsaw (graduated in 1895) and then at the Univ...
                    Read more