Ubuntu
Fail2ban不禁止IP地址
我安裝
fail2ban
在 Ubuntu 20.04 伺服器上。我已經關注了一些關於如何配置它的文章,但它不起作用。我已經進行了 10 次錯誤的登錄嘗試,但仍然沒有被禁止。
/etc/fail2ban/jail.local
:[sshd] enabled = true port = 27485 filter = sshd logpath = /var/log/auth.log maxretry = 3 bantime = 4w findtime = 1d
/var/log/auth.log
:sudo: user : TTY=pts/3 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/auth.log sudo: pam_unix(sudo:session): session opened for user root by user(uid=0) sshd[23907]: Connection closed by authenticating user user 111.1.1.1 port 8825 [preauth] sshd[23909]: Connection closed by authenticating user user 111.1.1.1 port 8827 [preauth] sshd[23911]: Connection closed by authenticating user user 111.1.1.1 port 8828 [preauth] sshd[23913]: Connection closed by authenticating user user 111.1.1.1 port 8829 [preauth] sshd[23915]: Connection closed by authenticating user user 111.1.1.1 port 8830 [preauth]
我在這裡做錯了什麼?我跑了
systemctl status fail2ban
,它正在執行。restarted
保存配置後我也有。
你能從你的
/var/log/auth.log
.我嘗試使用不存在的使用者進行本地測試,這就是我在日誌中看到的內容(在 ubuntu 20.04 實例上)
Oct 23 16:23:48 vps-34 sshd[35253]: Invalid user adminxxx from 123.123.123.123 port 35382 Oct 23 16:23:50 vps-34 sshd[35253]: pam_unix(sshd:auth): check pass; user unknown Oct 23 16:23:50 vps-34 sshd[35253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123 Oct 23 16:23:52 vps-34 sshd[35253]: Failed password for invalid user adminxxx from 54.38.78.234 port 35382 ssh2 Oct 23 16:23:55 vps-34 sshd[35253]: Connection closed by invalid user adminxxx 54.38.78.234 port 35382 [preauth]
顯然,除非 sshd 記錄失敗,否則fail2ban 無法獲取…
可能,您有 ssh-agent 或其他一些自動將您登錄到伺服器的方法…
你可以試試這樣的東西:
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no -o ControlPath=none example.com
(強制它使用密碼驗證)並同時跟踪日誌:
# tail -f /var/log/auth.log