Package: fail2ban Version: 0.8.2-3 when connecting with ssh keys, no password, sshd logs:
May 18 05:08:45 twinlark sshd[5681]: Failed none for dean from 10.1.1.1 port 37262 ssh2 May 18 05:08:45 twinlark sshd[5681]: Found matching RSA key: xxxx May 18 05:08:45 twinlark sshd[5681]: Found matching RSA key: xxxx May 18 05:08:45 twinlark sshd[5681]: Accepted publickey for dean from 10.1.1.1 port 37262 ssh2 and fail2ban considers the "Failed none" to be an attack... enough successful logins like this and the IP is banned. this is broken. best fix i can see is to be more explicit about the /etc/fail2ban/filter.d/sshd.conf filters, such as: ^%(__prefix_line)sFailed password for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ ^%(__prefix_line)sFailed publickey for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ -dean -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]