New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Valid SSH logins end in a ban #2799
Comments
Jail:
Execute 3 times From fail2ban.log: 2020-08-08 13:11:55,162 fail2ban.filterpyinotify[6534]: DEBUG Event queue size: 16 From auth.log: Aug 8 13:11:54 test1 sshd[6540]: Accepted publickey for root from N.N.N.N port 55342 ssh2: RSA SHA256:... |
Yes, although it's matching this RE (due to helper tag Also see #2632 for similar issue. Anyway if I try fail2ban-regex with your excerpt, I see no failure generated:
|
The following regex matches valid logins
^<F-MLFFORGET><F-MLFGAINED>Accepted \w+</F-MLFGAINED></F-MLFFORGET> for <F-USER>\S+</F-USER> from <HOST>(?:\s|$)
You can reproduce it with:
ssh n.n.n.n date
Log:
Aug 8 12:10:41 test1 sshd[5657]: Accepted publickey for root from n.n.n.n port 54872 ssh2: RSA SHA256:...
Aug 8 12:10:41 test1 sshd[5657]: Received disconnect from n.n.n.n port 54872:11: disconnected by user
Aug 8 12:10:41 test1 sshd[5657]: Disconnected from user root n.n.n.n port 54872
Valid logins shouldn't end in a ban.
Edit: using sshd.conf from latest commit
The text was updated successfully, but these errors were encountered: