Difference between revisions of "OpenSSH"

From Fail2ban
 
Line 2: Line 2:
 
{{Source|From Wikipedia, the free encyclopedia}}
 
{{Source|From Wikipedia, the free encyclopedia}}
  
{{Logging_Outputs}}
 
  
 
+
OpenSSH has been supported by fail2ban for a long time. Nothing special to write here.
<div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;">
+
* Aug 14 11:52:00 i60p295 sshd[11437]: Failed password for illegal user test123 from ::ffff:123.123.123.123 port 51381 ssh2
+
* Aug 14 11:57:59 i60p295 sshd[12365]: Failed publickey for toto from ::ffff:123.123.123.123 port 51332 ssh2
+
</div>
+
 
+
 
+
{{Failregex}}
+
 
+
 
+
<div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;">
+
* Authentication failure for .* from <HOST>
+
* Failed [-/\w]  for .* from <HOST>
+
* ROOT LOGIN REFUSED .* FROM <HOST>
+
* [iI](?:llegal|nvalid) user .* from <HOST>
+
</div>
+
 
+
 
+
== Penalty for invalid user ==
+
 
+
'''sshdfilter''' has a penalty for invalid users. In other words, invalid users may get 2 attempts while invalid password for valid users get 5 attempts.  How can that be done in fail2ban?
+
 
+
A convincing argument against doing this says that it lets an attacker know whether or not a username is valid, and thus dramatically decreases the search space of a brute-force attack.
+
  
 
== Log IP Addresses ==
 
== Log IP Addresses ==
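Review bot: In the Failregex list, the entry "Failed [-/\w]  for .* from <HOST>" has a character class with no quantifier, so it matches exactly one character followed by two spaces and cannot match either sample line in the Logging_Outputs box ("Failed password for ..." and "Failed publickey for ..."). It should read "Failed [-/\w]+ for .* from <HOST>". None of the four expressions is anchored to the end of the line either; ending each one with "\s*$" after the fields that follow the address would stop them from matching when the same words appear inside a longer message.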

Latest revision as of 03:26, 15 March 2014

OpenSSH (Open Secure Shell) is a set of free software computer programs providing encrypted communication sessions over a computer network using the SSH protocol. It was created as an open alternative to the proprietary Secure Shell software. The project is led by Theo de Raadt from Calgary, Alberta in Canada.

From Wikipedia, the free encyclopedia


OpenSSH has been supported by fail2ban for a long time. Nothing special to write here.

Log IP Addresses

In your OpenSSH config (frequently /etc/ssh/sshd_config), include the following line so that sshd logs client IP addresses instead of resolved host names:

UseDNS no