I'm (trying to) log into my website/s via ssh. If I make a single (1) error then I am locked out for approx. 30 mins. This makes it very hard to fix/debug. The expected behaviour is to make several errors, typically three (3) but whatever is configured, and then ban the IP for a period of time, typically 30 mins.

What makes this more complicated to track down is I'm not sure which tool is placing this ban on my IP. It could be fail2ban. I'm using a vanilla installation and don't see anything in the logs regarding my IP. Or it could be something else, but I see nothing to indicate what is going on under /var/log/*. It's very odd. The only message I get at the client end is:

Code:
    ssh: connect to host myhost port 22: Connection timed out

If I can manage to get back on again today I'll be digging through the logs some more. In the meantime, I'm very stuck!

I know what this is now, see reply below. Leaving it here in case it helps some other poor soul.
Ok, think I found it in the auth.log. It's not fail2ban at all, it's sshguard!

Code:
    ==> auth.log <==
    Apr 27 09:16:56 myhost sshd[20155]: Connection closed by 128.98.42.71 port 42746 [preauth]
    Apr 27 09:16:56 myhost sshguard[501]: Attack from "128.98.42.71" on service 100 with danger 2.
    Apr 27 09:16:57 myhost sshguard[501]: Attack from "128.98.42.71" on service 110 with danger 10.
    Apr 27 09:16:57 myhost sshguard[501]: Blocking "128.98.42.71/32" for 3840 secs (4 attacks in 1 secs, after 6 abuses over 92908 secs.)

Progress...
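An added example, not part of the original posts: a small Python parser that answers the question in this thread (which tool blocked an IP, and until when) from the sshguard lines in auth.log. The log lines are the ones quoted in the post above; the year is an assumption, because syslog timestamps do not carry one, and the function names are illustrative.

```python
import re
from datetime import datetime, timedelta

# auth.log lines as quoted in the post above.
SAMPLE = '''\
Apr 27 09:16:56 myhost sshd[20155]: Connection closed by 128.98.42.71 port 42746 [preauth]
Apr 27 09:16:56 myhost sshguard[501]: Attack from "128.98.42.71" on service 100 with danger 2.
Apr 27 09:16:57 myhost sshguard[501]: Attack from "128.98.42.71" on service 110 with danger 10.
Apr 27 09:16:57 myhost sshguard[501]: Blocking "128.98.42.71/32" for 3840 secs (4 attacks in 1 secs, after 6 abuses over 92908 secs.)
'''

# Only lines written by the sshguard process are considered.
PREFIX = r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshguard\[\d+\]: '
ATTACK = re.compile(
    PREFIX + r'Attack from "(?P<ip>[^"]+)" on service \d+ with danger (?P<danger>\d+)\.')
BLOCK = re.compile(PREFIX + r'Blocking "(?P<ip>[^"/]+)(?:/\d+)?" for (?P<secs>\d+) secs')

def sshguard_blocks(lines, year):
    """Return {ip: {'danger': total, 'blocks': [(start, end, secs), ...]}}."""
    report = {}
    for line in lines:
        m = ATTACK.match(line)
        if m:
            entry = report.setdefault(m['ip'], {'danger': 0, 'blocks': []})
            entry['danger'] += int(m['danger'])
            continue
        m = BLOCK.match(line)
        if m:
            # Syslog omits the year, so the caller supplies it.
            start = datetime.strptime(f"{year} {m['ts']}", '%Y %b %d %H:%M:%S')
            secs = int(m['secs'])
            entry = report.setdefault(m['ip'], {'danger': 0, 'blocks': []})
            entry['blocks'].append((start, start + timedelta(seconds=secs), secs))
    return report

def blocked_at(report, ip, when):
    """True if any recorded block for `ip` covers the moment `when`."""
    blocks = report.get(ip, {'blocks': []})['blocks']
    return any(start <= when < end for start, end, _ in blocks)

if __name__ == '__main__':
    YEAR = 2020  # assumed year, not stated in the log
    for ip, info in sshguard_blocks(SAMPLE.splitlines(), YEAR).items():
        for start, end, secs in info['blocks']:
            print(f"{ip}: blocked by sshguard {start} -> {end} "
                  f"({secs}s), logged danger {info['danger']}")
```

To check a live system, pass the lines of /var/log/auth.log instead of SAMPLE.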
You can set up login using SSH keys. Then there is no risk of typing the wrong password (unless you set up a password for the key). https://www.hackinglinuxexposed.com/articles/20021211.html
yep, Till, I get that. I assume I installed it at some time in a fit of security-minded fervour. Then forgot about it and assumed it was related to ISPConfig. Apologies for disturbing you good folks here with my bad. I meant well. ps. Thanks again for all the good work you do here supporting the ISPConfig userbase (us).
Instead of some obscure guard software, you should have a look into key-based authentication [1] and 2FA [2] ;-)

[1] https://help.ubuntu.com/community/SSH/OpenSSH/Keys
[2] https://ubuntu.com/tutorials/configure-ssh-2fa#1-overview
yep, got that already. The OP was about when the wrong key was used. It's all ok now though, and thanks for the tips, everybody