After several deliberately failed login attempts, fail2ban has banned me from my server, but I can still log in afterwards.
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target        prot opt source               destination
    fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh

    Chain FORWARD (policy ACCEPT)
    target        prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target        prot opt source               destination

    Chain fail2ban-ssh (1 references)
    target        prot opt source               destination
    DROP          all  --  dslb-xx-xx-xx-xx.pools.arcor-ip.net  anywhere
    RETURN        all  --  anywhere             anywhere

    cat /var/log/fail2ban.log
    Ban xx.xx.xx.xx
    xx.xx.xx.xx already banned

    ssh [email protected] -p yyyyy
    user's password:************
    Linux hostname 2.6.26-2-amd64
    user@hostname:~$
So fail2ban tells me I am banned, but I can still log in.
Any hints?
Here is the output of "iptables -L":
    Chain INPUT (policy ACCEPT)
    target        prot opt source               destination
    fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh

    Chain FORWARD (policy ACCEPT)
    target        prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target        prot opt source               destination

    Chain fail2ban-ssh (1 references)
    target        prot opt source               destination
    DROP          all  --  dslb-xx-xx-xx-xx.pools.arcor-ip.net  anywhere
    RETURN        all  --  anywhere             anywhere
Edit the following in the file /fail2ban/jail.conf:
    [ssh]
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port="yyyy,ssh", protocol=tcp]
    logpath = /var/log/sshd/current
    maxretry = 3
I see that you are running SSH on an alternate port, so replace YYYY with the port the sshd daemon is running on.
Then restart fail2ban.
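
The listing in the question shows the INPUT rule handing only `dports ssh` to the fail2ban-ssh chain, while the login used `-p yyyyy`, so the DROP entry is never consulted for that connection. The following check is an added example, not part of the original question or answer: it reads `iptables -L` output and reports whether a given port is actually sent to the jail chain. The sample rule is constructed, port 2222 is an assumed stand-in for the elided port, and `jail_ports` and `port_covered` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: INPUT chain as printed by `iptables -L -n`, modelled on
# the listing in the question (only the default SSH port jumps to the jail).
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target        prot opt source      destination
fail2ban-ssh  tcp  --  0.0.0.0/0   0.0.0.0/0   multiport dports 22'

# jail_ports CHAIN: read `iptables -L [-n]` output on stdin and print the
# destination ports sent to CHAIN, one per line. The service name "ssh" is
# printed as 22; a jump rule without any port match is printed as "all".
jail_ports() {
    awk -v chain="$1" '
        $1 == chain {
            list = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "dports" && i < NF) list = $(i + 1)   # multiport form
                else if ($i ~ /^dpt:/) list = substr($i, 5)     # single-port form
            }
            if (list == "") { print "all"; next }
            n = split(list, p, ",")
            for (j = 1; j <= n; j++) print (p[j] == "ssh" ? 22 : p[j])
        }'
}

# port_covered PORT CHAIN: succeed if traffic to PORT reaches CHAIN.
# Hypothetical helper; 2222 below is an assumed alternate sshd port.
port_covered() {
    jail_ports "$2" | awk -v port="$1" '
        $0 == "all" { found = 1; next }
        {
            n = split($0, r, ":")            # multiport ranges look like lo:hi
            lo = r[1]; hi = (n == 2 ? r[2] : r[1])
            if (port + 0 >= lo + 0 && port + 0 <= hi + 0) found = 1
        }
        END { exit !found }'
}

for port in 22 2222; do
    if printf '%s\n' "$SAMPLE_RULES" | port_covered "$port" fail2ban-ssh
    then echo "port $port: bans apply"
    else echo "port $port: NOT covered, banned hosts can still connect"
    fi
done
```

On a live host, pipe the output of `iptables -L INPUT -n` into `port_covered` with the port sshd listens on.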