sshguard-users

[Sshguard-users] ssh-guard blocking ansible connections

[Eric C. <er...@cr...>]

Hi folks,

I'm new to ssh-guard and just installed in one of my servers to try it out.
The problem I'm facing is that I use an automation tool (ansible) for
server setup and maintenance that works on top of ssh and therefore it does
open multiple ssh connections in short period of time, which seems to be
triggering ssh-guard alarms.

Since all those connections are properly authenticated (using key pairs)
shouldn't ssh-guard not block them?

Is it possible, apart from disabling ssh-guard during maintenance, to
somehow whitelist my ip address?

Thanks in advance for any help,

--
Eric Chaves

Re: [Sshguard-users] ssh-guard blocking ansible connections

[Richard J. <rjt...@sa...>]

On Sun, Dec 01, 2013 at 06:02:45PM -0200, Eric Chaves wrote:
> Since all those connections are properly authenticated (using key pairs)
> shouldn't ssh-guard not block them?

I expect the intent is to consider authenticated connections safe.

You may be missing the 'successful' part of the signal in the logs that
sshguard sees.  Without more details on your sshd make (OpenSSH, dropbear,
other?) and version, as well as on your logging setup and  your sshguard's
view of those logs, it's not possible to tell.

> Is it possible, apart from disabling ssh-guard during maintenance, to
> somehow whitelist my ip address?

Have you consiered multiplexing the ssh sessions opened by ansible under
the first/master ssh connection (c.f ControlMaster in ssh_config(5) for
OpenSSH)?

Have you considered adjusting your firewall rules to allow connections
from the ansible system before sshguard blocking is applied?


Richard