My fail2ban is not working for sshd except for the default port 22/tcp.
My old, working config in jail.local:
[sshd]
enabled = true
port = ssh
Tested fail2ban, did ban me after 3 failed attempts as intended.
I explicitly specified a different port afterwards in jail.local; ssh tunnel works on the new port, but when I consciously err with wrong ssh password I do not receive a ban after any number of attempts.
sshd.service, fail2ban.service already restarted, also tried rebooting.
I DO get the email message about being banned, however, I can still (successfully) attempt to log in.
Edit: This is the pastebin of fail2ban-client -d | grep 'ssh'
Best Answer
Something may be not correct in your configuration.
For example, fail2ban default jail section for sshd is
[sshd]
, whereas your example shows[ssh]
. Do you have 2 jails? Or did you make some customization with own jail or defaults? (for instance defaultaction
is overwritten).To inspect it deeper you could show the dump of fail2ban (merged) configuration:
Interesting are the values of actionstart (and actionban) and whether the port is interpolated in the action definitions.
Small hint: for customization (if you need to overwrite the
action
for some reason), either set thebanaction
only (it will be interpolated in defaultaction
declaration):or use all parameters the action expects:
Otherwise the action could use its default port (which may be indeed 22).