在几次故意尝试登录失败后,fail2ban 禁止我访问我的服务器,但是之后我仍然可以登录。
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- dslb-xx-xx-xx-xx.pools.arcor-ip.net anywhere
RETURN all -- anywhere anywhere
cat /var/log/fail2ban.log
Ban xx.xx.xx.xx
xx.xx.xx.xx already banned
ssh [email protected] -p yyyyy
user's password:************
Linux hostname 2.6.26-2-amd64
user@hostname:~$
所以 fail2ban 告诉我我被禁止了,但我仍然可以登录。
有什么提示吗?
以下是“iptables -L”的完整输出
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- dslb-xx-xx-xx-xx.pools.arcor-ip.net anywhere
RETURN all -- anywhere anywhere
答案1
在文件 /fail2ban/jail.conf 中编辑以下内容:
[ssh]
enabled = true
filter = sshd
action = iptables[name=SSH, port="yyyy,ssh", protocol=tcp]
logpath = /var/log/sshd/current
maxretry = 3
我看到您正在为 ssh 使用了备用端口,因此,将 yyyy 替换为 sshd 守护进程正在运行的端口。
然后重新启动fail2ban。