By: GreenLED

Why Is Fail2Ban & DenyHosts Not Working?

July 26, 2015
Security

I installed and configured Fail2Ban first to get some form of protection on the SSH port I am using. Unfortunately, testing shows that it is simply not working. Can someone give me some hints as to what is going on? I have used a non-standard SSH port. Do I need to make Fail2Ban and DenyHosts aware of this?

What is the MINIMAL configuration I need to do so I can test to see if this application is actually blocking failed logins? It's simply not blocking failed logins. I could try logging in all day, still no banning going on. I am using CentOS 6.5.

1 Answer

You generally need to run either Fail2ban or DenyHosts, but not both. DenyHosts watches the SSH service for failed logins while Fail2ban does that too but can also watch other services as well.

You do need to let fail2ban know about the new SSH port, otherwise it'll just block connections to port 22 which would not have any effect on the SSH service. The fail2ban SSH config should look like this:

[ssh]

enabled  = true
port     = 4444
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 2

Replace 4444 with your SSH port.
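
An added example, not part of the original answer: a small shell check for the two mismatches this thread turns on, the jail's port versus the Port in sshd_config, and a logpath that does not exist on the host (on CentOS, sshd normally logs to /var/log/secure rather than /var/log/auth.log). The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check a fail2ban jail against the port sshd really listens on.

# First Port directive in an sshd_config file (22 when none is set).
sshd_port() {
    awk 'tolower($1) == "port" && p == "" { p = $2 }
         END { print (p == "" ? 22 : p) }' "$1"
}

# jail_value FILE SECTION KEY: value of KEY inside [SECTION].
jail_value() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { in_sec = ($1 == sec); next }
        in_sec && /=/ {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            if (k == key) {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# check_jail SSHD_CONFIG JAIL_FILE SECTION: print findings, exit 1 if any.
check_jail() (
    rc=0
    want=$(sshd_port "$1")
    have=$(jail_value "$2" "$3" port)
    log=$(jail_value "$2" "$3" logpath)
    [ "$have" = ssh ] && have=22          # service name for the default port
    [ "$(jail_value "$2" "$3" enabled)" = true ] ||
        { echo "jail [$3] is not enabled"; rc=1; }
    case ",$have," in
        *",$want,"*) ;;
        *) echo "jail bans port $have but sshd listens on $want"; rc=1 ;;
    esac
    [ -r "$log" ] || { echo "logpath '$log' is missing or unreadable"; rc=1; }
    exit "$rc"
)

# Constructed sample files: sshd moved to 4444, jail left on the default port,
# logpath pointing at a file that does not exist on this host.
demo() (
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    printf 'Port 4444\n' > "$d/sshd_config"
    printf '[ssh]\nenabled = true\nport = ssh\nfilter = sshd\nlogpath = %s\n' \
        "$d/auth.log" > "$d/jail.local"
    check_jail "$d/sshd_config" "$d/jail.local" ssh
)
demo || true
```

On a real host the same check would be run as `check_jail /etc/ssh/sshd_config /etc/fail2ban/jail.local ssh`, with the section name matching the jail actually defined there.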
