Public bug reported:
When logging in via ssh, in a context where authentication is via passwords and more
than one PAM authentication module is used, fail2ban
bans a successful login in an erroneous way.
For instance, here is a successful login:

Aug 2 20:24:23 ssh-gate sshd[4028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=REDACTED user=REDACTED
Aug 2 20:24:23 ssh-gate sshd[4028]: Accepted password for REDACTED from REDACTED port 58454 ssh2
Aug 2 20:24:23 ssh-gate sshd[4028]: pam_unix(sshd:session): session opened for user REDACTED by (uid=0)

The first line reports a failed authentication using pam_unix, the
second one a successful authentication via pam_ldap.
The guilty config line in /etc/fail2ban/filter.d/sshd.conf seems to be

^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$

** Affects: fail2ban (Ubuntu)
Importance: Undecided
Status: New
** Tags: xenial
https://bugs.launchpad.net/bugs/1609666
Title:
fail2ban is too severe when pam_unix + pam_ldap are used together
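
The false positive described in the report can be reproduced offline. The following is an added example, not code from the report or from fail2ban: it applies the quoted pam_unix failregex line by line, then shows a correlation by sshd PID that discards a pam_unix failure once the same process logs "Accepted". PREFIX and HOST are simplified stand-ins assumed here for %(__prefix_line)s and <HOST>, and the log lines are constructed with documentation addresses.

```python
import re

# Assumption: simplified stand-ins for fail2ban's %(__prefix_line)s and <HOST>
# expansions; the real definitions are broader.
PREFIX = r"\w{3}\s+\d+\s[\d:]{8}\s\S+\ssshd\[(?P<pid>\d+)\]:\s"
HOST = r"(?P<host>\S+)"

# The pam_unix failregex quoted in the report, with the stand-ins substituted.
FAIL_RE = re.compile(
    "^" + PREFIX + r"pam_unix\(sshd:auth\):\s+authentication failure;"
    r"\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*"
    r"\s*rhost=" + HOST + r"\s.*$"
)
ACCEPT_RE = re.compile("^" + PREFIX + r"Accepted \S+ for \S+ from " + HOST + r"\s")

# Constructed sample: PID 4028 is the pam_unix-fails/pam_ldap-succeeds login
# from the report; PID 4031 is a failure with no later success.
SAMPLE = [
    "Aug 2 20:24:23 ssh-gate sshd[4028]: pam_unix(sshd:auth): authentication "
    "failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=alice",
    "Aug 2 20:24:23 ssh-gate sshd[4028]: Accepted password for alice from "
    "192.0.2.10 port 58454 ssh2",
    "Aug 2 20:25:01 ssh-gate sshd[4031]: pam_unix(sshd:auth): authentication "
    "failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=bob",
]


def naive_failures(lines):
    """Hosts counted as failures when every line is judged on its own."""
    return [m.group("host") for m in map(FAIL_RE.match, lines) if m]


def correlated_failures(lines):
    """Hosts still counted after dropping failures that the same sshd PID
    follows with an 'Accepted' line (a policy choice made for this example)."""
    pending = {}  # (pid, host) -> unresolved failure count
    for line in lines:
        if (m := FAIL_RE.match(line)):
            key = (m.group("pid"), m.group("host"))
            pending[key] = pending.get(key, 0) + 1
        elif (m := ACCEPT_RE.match(line)):
            pending.pop((m.group("pid"), m.group("host")), None)
    return [host for (_, host), n in pending.items() for _ in range(n)]


if __name__ == "__main__":
    print("line-by-line:", naive_failures(SAMPLE))
    print("PID-correlated:", correlated_failures(SAMPLE))
```

Clearing on success also forgives earlier mistyped passwords within the same sshd process, so a real deployment would weigh that against its ban threshold.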