We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Cannot SSH to account after 3 failed attempts
Cannot SSH to account after 3 failed attempts
This happens occasionally due to sticky fingers or perhaps rushing when attempting to SSH. After I enter the password incorrectly several times (3?) it locks me out with an error like cannot connect (didn't write down the error). It appears to be specific to the IP address I am signing in from. To fix the problem I have to reboot my router and come up with a different IP address.
How do I fix this so that it's more forgiving?
How do I fix this so that it's more forgiving?
Re: Cannot SSH to account after 3 failed attempts
That's fail2ban working properly. It's a temporary block. Perhaps 10 minutes if memory serves. You can look up it's config right inside vestacp and adjust it if necessary, but I'd not. it's protecting you from people who would crack their way in.
Re: Cannot SSH to account after 3 failed attempts
I understand the purpose however I would like to know how to do this. I found the file:
/etc/fail2ban/jail.conf
The ban time appears to be 3600 seconds which is fine. I don't understand the syntax and correct entry where to make a change, for instance to 5 attempts for an http access or perhaps ssh. Or maybe I will wish to make it more restrictive, possibly a permanent ban for ssh.
/etc/fail2ban/jail.conf
The ban time appears to be 3600 seconds which is fine. I don't understand the syntax and correct entry where to make a change, for instance to 5 attempts for an http access or perhaps ssh. Or maybe I will wish to make it more restrictive, possibly a permanent ban for ssh.
-
- Posts: 25
- Joined: Thu Dec 30, 2021 10:04 am
- Os: CentOS 7x
- Web: apache
Re: Cannot SSH to account after 3 failed attempts
That's how fail2ban is supposed to function. It's only a temporary stumbling hurdle. If my memory serves me correctly, it was about ten minutes. You can look up the configuration right inside vestacp and make changes if needed, but I wouldn't. It's guarding you from those who would try to break in via the cracks.