[SOLVED] What part of the Fail2Ban configuration is wrong?

Jason.nix · 02-26-2024, 04:21 AM

Hello,
The SSH part of Fail2ban is as follows:

Code:

[sshd]
enabled = true
port    = 22
logpath = /var/log/ssh-fail2ban.log
backend = %(sshd_backend)s
maxretry  = 2
findtime  = 10
bantime   = 4w

I connected to the host and entered the wrong SSH password a few times, but I was not blocked. Why?

Thank you.

TenTenths · 02-26-2024, 06:19 AM

Quote:

Originally Posted by Jason.nix

I connected to the host and entered the wrong SSH password a few times, but I was not blocked. Why?

Because your Fail2Ban config doesn't make sense.

Quote:

Originally Posted by Jason.nix

Code:

logpath = /var/log/ssh-fail2ban.log

That's supposed to be the path to the log containing the authentication errors, not where F2B will log its activity.

bitfuzzy · 02-26-2024, 07:42 AM

Try

Code:

logpath = %(sshd_log)s

bitfuzzy · 02-26-2024, 07:48 AM

IMO you might want to consider allowing connections to SSH from only trusted IP's and BLOCK access to all others
Though this works best where connecting clients are using Static IP's.

It's not meant to replace fail2ban's ssh policy, but to act as your first line of defense.

Jason.nix · 02-26-2024, 10:53 AM

Quote:

Originally Posted by bitfuzzy

Try

Code:

logpath = %(sshd_log)s

Hello,
Thank you so much for your reply.
When I use logpath = %(sshd_log)s, then when I restart the Fail2Ban service I get the following error message:

Quote:

Failed during configuration: Have not found any log file for sshd jail.

bitfuzzy · 02-26-2024, 02:03 PM

Check /etc/fail2ban/

You should have a file named paths-common.conf

Make a copy of the file and name it paths-common.local

open the file and search for sshd

If you don't find sshd_log add:

Code:

sshd_log = %(syslog_authpriv)s

If you don't find sshd_backend also add:

Code:

sshd_backend = %(default_backend)s

Restart fail2ban and see if that helps

Ken

Jason.nix · 02-26-2024, 11:45 PM

Quote:

Originally Posted by bitfuzzy

Check /etc/fail2ban/

You should have a file named paths-common.conf

Make a copy of the file and name it paths-common.local

open the file and search for sshd

If you don't find sshd_log add:

Code:

sshd_log = %(syslog_authpriv)s

If you don't find sshd_backend also add:

Code:

sshd_backend = %(default_backend)s

Restart fail2ban and see if that helps

Ken

Hello,
Thank you so much for your reply.
After this I restarted the Fail2Ban service and got the following errors:

Code:

[715]: ERROR   Failed during configuration: Have not found any log file for sshd jail
[715]: ERROR   Async configuration of server failed

In the jail.local file, I changed the backend value from %(sshd_backend)s to systemd and the problem was solved.