Hi Colin. On Sun, 2011-07-24 at 11:02 +0100, Colin Watson wrote: > Did this work as you expect in some previous version? Which one? Yes definitely,.. but unfortunately,.. I don not remember which one..
> If you use 'LogLevel VERBOSE', does that help? > > Can you provide some examples of log messages that fail2ban is noticing > and banning? The problem isn't fail2ban,... it's that sshd doesn't log these attempts at all... But your idea (don't know why I didn't come up with this myself) with LogLevel helped! Now (with VERBOSE) messages like the following get logged to auth.log: Jul 27 22:33:29 hilbert sshd[4542]: Set /proc/self/oom_score_adj to 0 Jul 27 22:33:29 hilbert sshd[4542]: Connection from 129.187.131.203 port 33023 Jul 27 22:33:30 hilbert sshd[4542]: Failed publickey for root from 129.187.131.203 port 33023 ssh2 Jul 27 22:33:30 hilbert sshd[4544]: Set /proc/self/oom_score_adj to 0 Jul 27 22:33:30 hilbert sshd[4544]: Connection from 129.187.131.203 port 33024 Jul 27 22:33:31 hilbert sshd[4544]: Failed publickey for root from 129.187.131.203 port 33024 ssh2 fail2ban also detects them now (I guess it goes for the "Failed pub..")... So the problem seems to be, that those messages are no longer logged in the default LogLevel. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature