[Sshguard-users] Blocking Failures

[Greg P. <gre...@hc...>]

I am having two issues with the 1.3 release as seen in the logs below. 
This is on a Centos4 host using the auth.log method piped to sshguard 
and not the syslog method.

1. Here the logs all have ffff in them and I am not sure why this is but 
it seems normal from some other posts out there but it fails to block. I 
have this running on a Centos3 host and it is working fine but there is 
no ffff in the log entries which I assume is causing the failure.

Jan 20 09:26:18 arnold sshd[9297]: Did not receive identification string 
from ::ffff:192.168.122.234
Jan 20 09:26:18 arnold sshd[9298]: Did not receive identification string 
from ::ffff:192.168.122.234
Jan 20 09:26:18 arnold sshguard[3308]: Blocking ::ffff:192: 2 failures 
over 0 seconds.
Jan 20 09:26:18 arnold sshguard[3308]: Blocking command failed. Exited: -1


2. The above is an internal host so I am not concerned about him other 
than the blocking is failing. From testing on an outside host it just 
registers the failed login but never even reports a block attempt there 
after I failed the login many times. Here are my params.

2 failures, in 30 minutes, block them for a month.
/usr/local/sbin/sshguard -a 2 -p 25920000 -s 1800



Thanks,
greg