From: Menno A. <mal...@sa...> - 2006-01-09 09:21:28
|
Hi, i'm trying to get fail2ban running on our servers, it seems to run but not detecting the failed logins. We are using the non-commercial version of the ssh.com sshd (not my choice) and getting the following results of a failed login in our logs: Jan 5 09:44:52 XXXXX sshd[280]: [ID 702911 auth.info] connection from "xx.xx.xx.xx" Jan 5 09:44:54 XXXXX sshd[25932]: [ID 702911 auth.warning] password authentication failed. Login to account root not allowed or account non-existent. Jan 5 09:45:02 XXXXX last message repeated 2 times Is it still possible for fail2ban to ban an IP while there is no IP in the "authentication failed" line ? And is there a way around the "last message repeated 2 times" ? regards, Menno Alkemade -- Sapienza Consulting LTD |