> do you mean /etc/fail2ban/filter.d/sshd-root.conf ?

Yes, of course. 
Sorry about the mistake.

> also would you be so kind to test with the latest release? backport
> is avail from http://neuro.debian.net/repository

This is a production server and I can't afford any downtime. Therefore I am very reluctant to install anything except security updates, even though in this case the risk is almost nonexistent.

I think for the moment I'll disable my custom jail. Since ssh root access is disabled, my intention was to ban anyone who tries immediately, but I think I can live with giving them a few more tries.

Nevertheless, even if it doesn't get fixed it would be desirable to at least have a warning in the documentation, as this bug quietly makes jails ineffective and leaves the server open to brute-force attacks. Furthermore, it only occurs upon the second log rotation, which makes it even harder to detect.

I realized only after I looked at the logs and detected a particular IP who kept trying random accounts once a minute for about 7 hours. Following that, it took me another few days to understand what was happening...
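
A check for the failure mode described in this message (a jail that silently stops banning), as an added example that is not part of the original message or of fail2ban: it cross-references sshd login failures with fail2ban "Ban" lines and reports addresses that reached the threshold without ever being banned. The function name, the `maxretry` threshold value and the sample log lines are constructed for illustration, and the line shapes assume stock OpenSSH and fail2ban logging.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shapes assumed: stock OpenSSH auth.log and fail2ban.log entries.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")
BAN_RE = re.compile(r"\[[\w-]+\] Ban (\d+\.\d+\.\d+\.\d+)\s*$")

def unbanned_offenders(auth_lines, f2b_lines, maxretry=3, year=2000):
    """Return {ip: (failures, first_seen, last_seen)} for addresses that
    reached maxretry failed logins but never appear in a Ban line."""
    banned = set()
    for line in f2b_lines:
        m = BAN_RE.search(line)
        if m:
            banned.add(m.group(1))
    seen = defaultdict(list)
    for line in auth_lines:
        m = FAIL_RE.match(line)
        if m:
            # syslog timestamps carry no year, so one is supplied for parsing
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(ts)
    return {ip: (len(t), min(t), max(t))
            for ip, t in seen.items()
            if len(t) >= maxretry and ip not in banned}

# Constructed sample input (documentation address ranges), not real logs.
SAMPLE_AUTH = (
    [f"Mar  3 02:0{i}:01 host sshd[{1200 + i}]: Failed password for "
     f"invalid user test{i} from 203.0.113.7 port {40000 + i} ssh2"
     for i in range(5)]
    + [f"Mar  3 03:00:0{i} host sshd[{1300 + i}]: Failed password for "
       f"root from 198.51.100.9 port {50000 + i} ssh2" for i in range(3)]
    + ["Mar  3 04:00:00 host sshd[1400]: Failed password for root "
       "from 192.0.2.4 port 60000 ssh2"]
)
SAMPLE_F2B = [
    "2000-03-03 03:00:03,118 fail2ban.actions: WARNING [ssh] Ban 198.51.100.9",
]

if __name__ == "__main__":
    hits = unbanned_offenders(SAMPLE_AUTH, SAMPLE_F2B)
    for ip, (n, first, last) in hits.items():
        print(f"{ip}: {n} failures over {last - first}, never banned")
```

Run periodically against the current auth log and fail2ban log, a non-empty result is the signal that a jail has stopped acting on matches.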

