Package: fail2ban
Version: 0.8.2-3

when connecting with ssh keys, no password, sshd logs:

May 18 05:08:45 twinlark sshd[5681]: Failed none for dean from 10.1.1.1 port 37262 ssh2
May 18 05:08:45 twinlark sshd[5681]: Found matching RSA key: xxxx
May 18 05:08:45 twinlark sshd[5681]: Found matching RSA key: xxxx
May 18 05:08:45 twinlark sshd[5681]: Accepted publickey for dean from 10.1.1.1 port 37262 ssh2

and fail2ban considers the "Failed none" to be an attack... enough 
successful logins like this and the IP is banned.  this is broken.

best fix i can see is to be more explicit about the
/etc/fail2ban/filter.d/sshd.conf filters, such as:

            ^%(__prefix_line)sFailed password for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
            ^%(__prefix_line)sFailed publickey for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$

-dean
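
The effect described in the report, as an added example that is not part of the original message or of fail2ban itself: the log lines above are run through a hypothetical broad "Failed <anything>" rule and through the two explicit rules proposed in the report. The `PREFIX` and `HOST` expansions are simplified stand-ins for fail2ban's `%(__prefix_line)s` and `<HOST>`, and the last log line is constructed.

```python
import re
from collections import Counter

# Simplified stand-ins (assumptions) for fail2ban's %(__prefix_line)s and <HOST>.
PREFIX = r"\w{3} +\d+ [\d:]{8} \S+ sshd(?:\[\d+\])?: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
TAIL = r"(?: port \d*)?(?: ssh\d*)?$"

def expand(failregex):
    """Turn a fail2ban-style failregex into a plain Python regex."""
    return re.compile(failregex.replace("%(__prefix_line)s", PREFIX)
                               .replace("<HOST>", HOST))

# Hypothetical broad rule: any method name after "Failed" counts, "none" included.
BROAD = [expand(r"^%(__prefix_line)sFailed \S+ for .* from <HOST>" + TAIL)]
# The two explicit rules proposed in the report.
EXPLICIT = [
    expand(r"^%(__prefix_line)sFailed password for .* from <HOST>" + TAIL),
    expand(r"^%(__prefix_line)sFailed publickey for .* from <HOST>" + TAIL),
]

LOG = [
    # From the report: one successful key-based login.
    "May 18 05:08:45 twinlark sshd[5681]: Failed none for dean from 10.1.1.1 port 37262 ssh2",
    "May 18 05:08:45 twinlark sshd[5681]: Found matching RSA key: xxxx",
    "May 18 05:08:45 twinlark sshd[5681]: Found matching RSA key: xxxx",
    "May 18 05:08:45 twinlark sshd[5681]: Accepted publickey for dean from 10.1.1.1 port 37262 ssh2",
    # Constructed: a genuine password failure from a documentation address.
    "May 18 05:09:02 twinlark sshd[5702]: Failed password for root from 192.0.2.7 port 40112 ssh2",
]

def count_failures(rules, lines):
    """Count, per source address, the lines that any rule treats as a failure."""
    hits = Counter()
    for line in lines:
        for rule in rules:
            m = rule.search(line)
            if m:
                hits[m.group("host")] += 1
                break
    return dict(hits)

if __name__ == "__main__":
    print("broad   :", count_failures(BROAD, LOG))
    print("explicit:", count_failures(EXPLICIT, LOG))
```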


