Fail2Ban port number for SSH
- Posts: 22
- Joined: Fri Jun 20, 2014 8:35 am
So as most of you I am running shell access on an alternative port, let's say 2220 as an example.
Fail2Ban is listening for attempts on SSH via the SSH port number, right? I.e. 22? How do I change this to the port number sshd is listening on so I can prevent brute-force attempts on my box.
I have amended jail.conf to say:
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=2220, protocol=tcp]
         sendmail-whois[name=SSH, dest=[email protected], sender=[email protected], sendername="Fail2Ban"]
logpath = /var/log/secure
maxretry = 5
And restarted the service but I can still hammer ssh with Hydra. Any ideas guys?
Thanks.
Re: Fail2Ban port number for SSH
You could try and edit the right file and then restart fail2ban again.
;-)
/etc/fail2ban/jail.local
- Posts: 22
- Joined: Fri Jun 20, 2014 8:35 am
Re: Fail2Ban port number for SSH
What do I amend in this file exactly?
[ssh-iptables]
enabled = true
filter = sshd
action = vesta[name=SSH]
logpath = /var/log/secure
maxretry = 5
Ta.
Re: Fail2Ban port number for SSH
Ghillie-up wrote:
What do I amend in this file exactly?

Anything or everything you've written or changed in jail.conf... Just the fact that you haven't seen the port option in jail.local by default doesn't mean you can't use it. The default fail2ban configuration file is jail.conf, but the configuration work should not be done in that file, hence we use a local copy of it. This is common fail2ban practice, not just in Vesta. You should make all of your desired configuration changes within the jail.local file.
- Posts: 22
- Joined: Fri Jun 20, 2014 8:35 am
Re: Fail2Ban port number for SSH
Ahh, makes sense. I have never used fail2ban before and the topics on serverfault suggest using .conf, not .local, hence where I went wrong.
Does fail2ban have logs itself? I can see iptables is injecting a rule, but yet I am still hammering ssh with passwords. It's like it's oblivious.
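The two points the thread turns on are that jail.local is layered over jail.conf key by key, and that the SSH port only matters in the iptables action (the sshd filter matches log lines regardless of which port the daemon listens on; the "port NNNNN" in /var/log/secure is the client's source port). The script below is an added example written for this page, not code from the thread or from the Vesta or fail2ban projects. It uses constructed stand-ins for jail.conf, jail.local and /var/log/secure, a simplified failregex modelled on fail2ban's sshd filter, and an approximation of the commands in action.d/iptables.conf; the email addresses are placeholders and the exact iptables targets vary between fail2ban versions.

```python
"""Added example: how fail2ban layers jail.conf and jail.local, and why the
port only matters in the iptables action.  All inputs are constructed."""
import configparser
import re
from collections import Counter

# Constructed stand-in for /etc/fail2ban/jail.conf (Vesta-style defaults).
JAIL_CONF = """
[ssh-iptables]
enabled = true
filter = sshd
action = vesta[name=SSH]
logpath = /var/log/secure
maxretry = 5
"""

# Constructed stand-in for /etc/fail2ban/jail.local: only the keys we override.
# The indented second line is a continuation of the same 'action' value.
# ADMIN_EMAIL_PLACEHOLDER stands for whatever address the admin would configure.
JAIL_LOCAL = """
[ssh-iptables]
action = iptables[name=SSH, port=2220, protocol=tcp]
         sendmail-whois[name=SSH, dest=ADMIN_EMAIL_PLACEHOLDER, sender=fail2ban@localhost, sendername="Fail2Ban"]
"""

# Constructed /var/log/secure lines. 'port NNNNN' is the CLIENT's source port,
# not sshd's listening port, so the filter needs no knowledge of 2220.
SAMPLE_LOG = """\
Jun 20 08:35:01 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2
Jun 20 08:35:02 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51823 ssh2
Jun 20 08:35:03 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51824 ssh2
Jun 20 08:35:04 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51825 ssh2
Jun 20 08:35:05 vps sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51826 ssh2
Jun 20 08:35:06 vps sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51827 ssh2
Jun 20 08:36:10 vps sshd[1244]: Failed password for root from 198.51.100.4 port 40110 ssh2
Jun 20 08:36:12 vps sshd[1244]: Failed password for root from 198.51.100.4 port 40111 ssh2
Jun 20 08:37:00 vps sshd[1290]: Accepted publickey for deploy from 192.0.2.10 port 33001 ssh2
"""

# Simplified version of the 'Failed password' pattern in filter.d/sshd.conf.
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from "
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def effective_jail(conf_text, local_text, jail):
    """Return the settings fail2ban would use for `jail`: jail.conf first,
    then jail.local, each key in jail.local overriding the one in jail.conf."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    parser.read_string(local_text)  # later read wins, key by key
    return dict(parser[jail])


def action_port(action_value):
    """Pull the port= argument out of an iptables[...] action, or None if the
    action carries no port (e.g. the default vesta[name=SSH])."""
    m = re.search(r"iptables\[[^\]]*\bport=(\d+)", action_value)
    return int(m.group(1)) if m else None


def failed_logins(log_text):
    """Count failregex matches per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILREGEX.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(log_text, maxretry):
    """Hosts whose failure count has reached maxretry (findtime ignored here)."""
    return sorted(h for h, n in failed_logins(log_text).items() if n >= maxretry)


def iptables_rules(name, port, protocol, host):
    """Approximate what action.d/iptables.conf runs: the actionstart rules plus
    one actionban rule. Exact targets differ between fail2ban versions."""
    chain = f"fail2ban-{name}"
    return [
        f"iptables -N {chain}",
        f"iptables -A {chain} -j RETURN",
        # This is where the port matters: traffic to any other port never
        # enters the chain, so bans inside it have no effect on that traffic.
        f"iptables -I INPUT -p {protocol} --dport {port} -j {chain}",
        f"iptables -I {chain} 1 -s {host} -j DROP",
    ]


if __name__ == "__main__":
    jail = effective_jail(JAIL_CONF, JAIL_LOCAL, "ssh-iptables")
    port = action_port(jail["action"])
    for host in hosts_to_ban(SAMPLE_LOG, int(jail["maxretry"])):
        print("\n".join(iptables_rules("SSH", port, "tcp", host)))
```

Run as-is, it prints the chain setup with `--dport 2220` and a DROP rule for the one constructed address that reached maxretry. On a real host the equivalent checks are `fail2ban-client status ssh-iptables` (current bans for the jail), `fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf` (whether the filter matches the log at all), and fail2ban's own log, /var/log/fail2ban.log by default, which records each detected failure and each ban.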