Re: [Sshguard-users] ssh-guard blocking ansible connections

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Sun, Dec 01, 2013 at 06:02:45PM -0200, Eric Chaves wrote:
> Since all those connections are properly authenticated (using key pairs)
> shouldn't ssh-guard not block them?

I expect the intent is to consider authenticated connections safe.

You may be missing the 'successful' part of the signal in the logs that
sshguard sees.  Without more details on your sshd make (OpenSSH, dropbear,
other?) and version, as well as on your logging setup and  your sshguard's
view of those logs, it's not possible to tell.

> Is it possible, apart from disabling ssh-guard during maintenance, to
> somehow whitelist my ip address?

Have you consiered multiplexing the ssh sessions opened by ansible under
the first/master ssh connection (c.f ControlMaster in ssh_config(5) for
OpenSSH)?

Have you considered adjusting your firewall rules to allow connections
from the ansible system before sshguard blocking is applied?

Richard

Re: [Sshguard-users] ssh-guard blocking ansible connections

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] ssh-guard blocking ansible connections