On 2021-08-16T16:58:46, Allan Wind wrote:
2021-08-16T04:10:35.924+00:00 pawan sshd[424228]: error: kex_exchange_identification: Connection closed by remote host
2021-08-16T04:10:35.924+00:00 pawan sshd[424228]: Connection closed by 205.185.113.128 port 35352
I am using mode=aggressive but found that the events are being
(silently) ignored (ugh).
Upon careful review of sshd.conf (identical to master) it appears
that this only works if you modify the sshd_config to enable
LogLevel VERBOSE which causes sshd to emit an additional log event
(obviously for a different port):
2021-08-17T02:01:59.674+00:00 pawan sshd[604981]: Connection from 213.202.233.91 port 41152 on 71.126.254.78 port 22 rdomain ""
which then permits prefregex to match on that line to establish
the session. The comment in the sshd.conf was not helpful to me,
as it talks about how to enable the "Connection from" event,
but it should talk about why you want to do that, i.e. the
lines of filters without a HOST argument.
/Allan
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
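
The dependency described in the message above, as an added example that is not part of the original post and is not fail2ban's code or its regexes: a simplified model of per-PID session correlation in which a host-less failure line can only be attributed once a "Connection from" line for the same sshd PID has been seen. The function name, the PIDs, the hostname and the addresses (documentation ranges) are constructed, and the model deliberately learns the client address only from the "Connection from" line.

```python
import re

# Simplified log prefix: timestamp, hostname, sshd[PID]: message
PREFIX = re.compile(r"^\S+ \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Emitted by sshd only at LogLevel VERBOSE; carries the client address.
CONN_FROM = re.compile(r"^Connection from (?P<host>\S+) port \d+ on \S+ port \d+")
# Failure event that names no host at all.
KEX_FAIL = re.compile(
    r"^error: kex_exchange_identification: Connection closed by remote host$")


def attribute_failures(lines):
    """Return [(pid, host_or_None)] for every host-less failure line."""
    session_host = {}  # sshd PID -> client address learned earlier in the session
    results = []
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        conn = CONN_FROM.match(msg)
        if conn:
            session_host[pid] = conn["host"]
        elif KEX_FAIL.match(msg):
            # No address on this line: it can only come from the session.
            results.append((pid, session_host.get(pid)))
    return results


# Constructed sample: default LogLevel, no "Connection from" line is logged.
DEFAULT_LOG = [
    "2021-08-16T04:10:35.924+00:00 host sshd[1001]: error: "
    "kex_exchange_identification: Connection closed by remote host",
    "2021-08-16T04:10:35.924+00:00 host sshd[1001]: "
    "Connection closed by 203.0.113.7 port 35352",
]
# Constructed sample: LogLevel VERBOSE, the session opens with "Connection from".
VERBOSE_LOG = [
    "2021-08-17T02:01:59.674+00:00 host sshd[1002]: "
    'Connection from 203.0.113.7 port 41152 on 198.51.100.10 port 22 rdomain ""',
    "2021-08-17T02:01:59.700+00:00 host sshd[1002]: error: "
    "kex_exchange_identification: Connection closed by remote host",
]

if __name__ == "__main__":
    for name, log in (("default", DEFAULT_LOG), ("verbose", VERBOSE_LOG)):
        for pid, host in attribute_failures(log):
            print(f"{name}: pid={pid} host={host or 'unknown (event dropped)'}")
```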