Fail2ban running on CentOS 7 & getting “ssh connection refused”


Is anyone successfully running fail2ban on CentOS 7 and can tell me how to do it?

I tried to install fail2ban with yum install fail2ban and run it (there are no extra rules in iptables -L which seems odd according to what I found on the net).

As soon as I reboot the server I can't log in as root or another user via ssh. The ports are not visible when scanning and of course I get this error when I try to connect:

ssh: connect to host XXX.XXX.XXX.XXX port 12321: Connection refused 

I changed the ssh port, but I also tried it with port 22 without luck.

I wonder if someone knows a solution to this problem?

It has to be a problem with fail2ban because I didn't install anything else.


UPDATE
I can log in via ssh after reboot. But no html page is served. Output of iptables -L:

    Chain INPUT (policy ACCEPT)
    target              prot opt source      destination
    f2b-sshd            tcp  --  anywhere    anywhere     multiport dports ssh
    ACCEPT              all  --  anywhere    anywhere     ctstate RELATED,ESTABLISHED
    ACCEPT              all  --  anywhere    anywhere
    INPUT_direct        all  --  anywhere    anywhere
    INPUT_ZONES_SOURCE  all  --  anywhere    anywhere
    INPUT_ZONES         all  --  anywhere    anywhere
    ACCEPT              icmp --  anywhere    anywhere
    REJECT              all  --  anywhere    anywhere     reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target                    prot opt source      destination
    ACCEPT                    all  --  anywhere    anywhere     ctstate RELATED,ESTABLISHED
    ACCEPT                    all  --  anywhere    anywhere
    FORWARD_direct            all  --  anywhere    anywhere
    FORWARD_IN_ZONES_SOURCE   all  --  anywhere    anywhere
    FORWARD_IN_ZONES          all  --  anywhere    anywhere
    FORWARD_OUT_ZONES_SOURCE  all  --  anywhere    anywhere
    FORWARD_OUT_ZONES         all  --  anywhere    anywhere
    ACCEPT                    icmp --  anywhere    anywhere
    REJECT                    all  --  anywhere    anywhere     reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target         prot opt source      destination
    OUTPUT_direct  all  --  anywhere    anywhere

    Chain FORWARD_IN_ZONES (1 references)
    target       prot opt source      destination
    FWDI_public  all  --  anywhere    anywhere     [goto]
    FWDI_public  all  --  anywhere    anywhere     [goto]

    Chain FORWARD_IN_ZONES_SOURCE (1 references)
    target     prot opt source      destination

    Chain FORWARD_OUT_ZONES (1 references)
    target       prot opt source      destination
    FWDO_public  all  --  anywhere    anywhere     [goto]
    FWDO_public  all  --  anywhere    anywhere     [goto]

    Chain FORWARD_OUT_ZONES_SOURCE (1 references)
    target     prot opt source      destination

    Chain FORWARD_direct (1 references)
    target     prot opt source      destination

    Chain FWDI_public (2 references)
    target             prot opt source      destination
    FWDI_public_log    all  --  anywhere    anywhere
    FWDI_public_deny   all  --  anywhere    anywhere
    FWDI_public_allow  all  --  anywhere    anywhere

    Chain FWDI_public_allow (1 references)
    target     prot opt source      destination

    Chain FWDI_public_deny (1 references)
    target     prot opt source      destination

    Chain FWDI_public_log (1 references)
    target     prot opt source      destination

    Chain FWDO_public (2 references)
    target             prot opt source      destination
    FWDO_public_log    all  --  anywhere    anywhere
    FWDO_public_deny   all  --  anywhere    anywhere
    FWDO_public_allow  all  --  anywhere    anywhere

    Chain FWDO_public_allow (1 references)
    target     prot opt source      destination

    Chain FWDO_public_deny (1 references)
    target     prot opt source      destination

    Chain FWDO_public_log (1 references)
    target     prot opt source      destination

    Chain INPUT_ZONES (1 references)
    target     prot opt source      destination
    IN_public  all  --  anywhere    anywhere     [goto]
    IN_public  all  --  anywhere    anywhere     [goto]

    Chain INPUT_ZONES_SOURCE (1 references)
    target     prot opt source      destination

    Chain INPUT_direct (1 references)
    target     prot opt source      destination

    Chain IN_public (2 references)
    target           prot opt source      destination
    IN_public_log    all  --  anywhere    anywhere
    IN_public_deny   all  --  anywhere    anywhere
    IN_public_allow  all  --  anywhere    anywhere

    Chain IN_public_allow (1 references)
    target     prot opt source      destination
    ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:ssh ctstate NEW

    Chain IN_public_deny (1 references)
    target     prot opt source      destination

    Chain IN_public_log (1 references)
    target     prot opt source      destination

    Chain OUTPUT_direct (1 references)
    target     prot opt source      destination

    Chain f2b-sshd (1 references)
    target     prot opt source      destination
    RETURN     all  --  anywhere    anywhere

Best Answer

I installed ~20 CentOS 7 servers with fail2ban out of the box and the default configuration is very open so a "connection refused" comes only after 5 failed login tries.

CentOS 7 now uses firewalld, but a rule for ssh (22) is set up by default. If you change the ssh port in sshd_config, you also have to adjust the firewalld rule, i.e.:

 firewall-cmd --zone=public --add-port=12321/tcp --permanent

Remember to run firewall-cmd --reload after changing configuration.

Better you just test with a fresh reinstall of CentOS, install fail2ban, restart and I can’t see any reason why you shouldn't be able to login if it worked before (make sure that eth0 is up and has an IP address! I tend to forget "autoconnect" at installation time)
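
The mismatch the answer describes (sshd moved to a new port while firewalld still only opens the `ssh` service) can be checked mechanically. This is an added example, not part of the original answer; the function names `sshd_ports`, `port_allowed` and `report` are made up for illustration, and the sample config and zone contents are constructed.

```bash
# Added example: compare sshd's configured ports with firewalld's public zone.

# Print the port(s) sshd listens on per an sshd_config file (default 22).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    echo "${ports:-22}"
}

# Succeed if PORT/tcp is opened by the zone.
#   $2: output of `firewall-cmd --zone=public --list-ports`
#   $3: output of `firewall-cmd --zone=public --list-services`
port_allowed() {
    port=$1
    if [ "$port" = 22 ]; then            # the predefined "ssh" service is 22/tcp
        for svc in $3; do
            if [ "$svc" = ssh ]; then return 0; fi
        done
    fi
    for entry in $2; do                  # entries: 12321/tcp or 8000-8100/tcp
        [ "${entry##*/}" = tcp ] || continue
        range=${entry%/*}
        if [ "$port" -ge "${range%-*}" ] && [ "$port" -le "${range#*-}" ]; then
            return 0
        fi
    done
    return 1
}

# Print one line per sshd port; return non-zero if any port is not opened.
report() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_allowed "$p" "$2" "$3"; then
            echo "$p/tcp: allowed"
        else
            echo "$p/tcp: NOT allowed"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: sshd moved to 12321, zone still has only its defaults.
sample=$(mktemp)
printf '#Port 22\nPort 12321\nPermitRootLogin yes\n' > "$sample"
report "$sample" "" "dhcpv6-client ssh" ||
    echo "fix: firewall-cmd --zone=public --add-port=12321/tcp --permanent, then --reload"
rm -f "$sample"
```

On a live host, pass `/etc/ssh/sshd_config` and the output of the two `firewall-cmd --zone=public --list-…` commands named in the comments to `report`.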
