Question

Why Is Fail2Ban & DenyHosts Not Working?

Posted July 26, 2015 3k views
Security

I installed and configured Fail2Ban first to get some form of protection on the SSH port I am using. Unfortunately, testing shows that it is simply not working. Can someone give me some hints as to what is going on? I have used a non-standard SSH port. Do I need to make Fail2Ban and DenyHosts aware of this?

What is the MINIMAL configuration I need to do so I can test to see if this application is actually blocking failed logins? It’s simply not blocking failed logins. I could try logging in all day, still no banning going on. I am using Centos 6.5.

Add a comment
GreenLED
By:
GreenLED
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer
kamaln7 July 27, 2015

You generally need to run either Fail2ban or DenyHosts, but not both. DenyHosts watches the SSH service for failed logins while Fail2ban does that too but can also watch other services as well.

You do need to let fail2ban know about the new SSH port, otherwise it’ll just block connections to port 22 which would not have any effect on the SSH service. The fail2ban SSH config should look like this:

[ssh]

enabled  = true
port     = 4444
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 2

Replace 4444 with your SSH port.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help