Bans for 1 failed login. If you typo your userid or password on my
systems your ip is banned. I also only allow keys for authentications
so if you try a password you don't belong here.
[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=me@domain, sender=fail2ban@domain]
logpath = /var/log/secure
mode = aggressive
maxretry = 1
bantime = 1209600
On 3/14/2022 10:48 AM, Harold Hallikainen via Fail2ban-users wrote:
Sorry if this is an old question or one with an obvious solution. I have
been using fail2ban for quite a while and really like it! But, in
reviewing logs, I see hundreds of ssh login attempts each day where there
is only one attempt per IP address. I suspect this is a bot net and would
like to ban them. Is there a command line method of telling to fail2ban to
ban ALL failures (not just multiple) in the past day (or other preiod)?
THANKS!
Harold
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
