Why Is Fail2Ban & DenyHosts Not Working?

Question

I installed and configured Fail2Ban first to get some form of protection on the SSH port I am using. Unfortunately, testing shows that it is simply not working. Can someone give me some hints as to what is going on? I have used a non-standard SSH port. Do I need to make Fail2Ban and DenyHosts aware of this?

What is the MINIMAL configuration I need to do so I can test to see if this application is actually blocking failed logins? It’s simply not blocking failed logins. I could try logging in all day, still no banning going on. I am using Centos 6.5.

Answer 1

kamaln7 July 27, 2015

You generally need to run either Fail2ban or DenyHosts, but not both. DenyHosts watches the SSH service for failed logins while Fail2ban does that too but can also watch other services as well.

You do need to let fail2ban know about the new SSH port, otherwise it’ll just block connections to port 22 which would not have any effect on the SSH service. The fail2ban SSH config should look like this:

[ssh]

enabled  = true
port     = 4444
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 2

Replace 4444 with your SSH port.

Reply Report

Related

Question

Why Is Fail2Ban & DenyHosts Not Working?

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Why Is Fail2Ban & DenyHosts Not Working?

Related

Leave a comment

Related

question

ISIS hack on my server / droplet

question

Game Server DDoS Attack??

question

How do I put my SSH key on my droplet? (Publickey,password in particular)

question

"freebsd-update install" command fails on FreeBSD 10.1-RELEASE

Looking for something else?