I run ssh through a VPN tunnel, so the attempts never show up I had been banning them, however it ended up turning into a problem because my drop rules list was getting huge and causing a performance problem.
On June 3, 2019 2:54:57 PM EDT, "Preston, Douglas via Fail2ban-users" <fail2ban-users@lists.sourceforge.net> wrote: >I require keys for ssh, any invalid password attempt gets banned after >1 >try. > >On 6/2/2019 8:05 AM, Kenneth Porter wrote: >> I've noticed that almost all the ssh attacks on my hosts are against >> usernames not remotely similar to legitimate users on my machine. >> They're mostly service names or the names of admin logins for >routers. >> >> Is there some way to look for just those attempts, perhaps based on a > >> list of commonly-attacked usernames, and instantly ban them without >> waiting for retries? The logic I'd need is something that matches the > >> username against a list, perhaps loaded from a file. >> >> >> >> >> >> _______________________________________________ >> Fail2ban-users mailing list >> Fail2ban-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > >_______________________________________________ >Fail2ban-users mailing list >Fail2ban-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
