我fail2ban
在 Ubuntu 20.04 服务器上安装了它。我按照一些关于如何配置它的文章进行了操作,但它不起作用。我尝试了 10 次错误的登录,但仍然没有被禁止。
/etc/fail2ban/jail.local
:
[sshd]
enabled = true
port = 27485
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 4w
findtime = 1d
/var/log/auth.log
:
sudo: user : TTY=pts/3 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/auth.log
sudo: pam_unix(sudo:session): session opened for user root by user(uid=0)
sshd[23907]: Connection closed by authenticating user user 111.1.1.1 port 8825 [preauth]
sshd[23909]: Connection closed by authenticating user user 111.1.1.1 port 8827 [preauth]
sshd[23911]: Connection closed by authenticating user user 111.1.1.1 port 8828 [preauth]
sshd[23913]: Connection closed by authenticating user user 111.1.1.1 port 8829 [preauth]
sshd[23915]: Connection closed by authenticating user user 111.1.1.1 port 8830 [preauth]
我在这里做错了什么?我已经运行了systemctl status fail2ban
,它正在运行。restarted
保存配置后我也这样做了。
答案1
您 能否 提供 更多 您 的 信息/var/log/auth.log
?
我尝试使用不存在的用户进行本地测试,这是我在日志中看到的内容(在 ubuntu 20.04 实例上)
Oct 23 16:23:48 vps-34 sshd[35253]: Invalid user adminxxx from 123.123.123.123 port 35382
Oct 23 16:23:50 vps-34 sshd[35253]: pam_unix(sshd:auth): check pass; user unknown
Oct 23 16:23:50 vps-34 sshd[35253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123
Oct 23 16:23:52 vps-34 sshd[35253]: Failed password for invalid user adminxxx from 54.38.78.234 port 35382 ssh2
Oct 23 16:23:55 vps-34 sshd[35253]: Connection closed by invalid user adminxxx 54.38.78.234 port 35382 [preauth]
显然,除非 sshd 记录失败,否则 fail2ban 无法发现它……
可能,您有 ssh-agent,或者其他可以自动将您登录到服务器的方法...
你可以尝试类似这样的方法:
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no -o ControlPath=none example.com
(强制使用密码验证)并同时跟踪日志:
# tail -f /var/log/auth.log