MIAB SSH -> fail2ban


#1

Hi there,

Today I saw some break-in attempts on SSH:

box sshd[28799]: Received disconnect from 119.147.144.140: 11: Bye Bye [preauth]

(average 50 per min)

fail2ban does not do anything, so I helped myself with hosts.deny/allow.
Why does fail2ban not recognize these false logins?

greetings,
guenther


#2

Do you have fail2ban configured correctly? I use fail2ban on ALL my servers, and it does indeed block as it's instructed to do.

Here is a quick guide I found on 14.04: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04


#3

Are you on the latest version? If so, do the status checks report that the firewall is working? Can you post the output of

fail2ban-client status

#4

Sorry for the late answer.

fail2ban settings are default (via miab-setup), firewall ufw is working.

root@box:~# fail2ban-client status
Status
|- Number of jail: 10
`- Jail list: miab-munin, recidive, miab-owncloud, miab-postfix587, ssh-ddos, miab-management, ssh, sasl, dovecot, miab-roundcube