This works with fail2ban 0.9.6-2 on Debian 9.

```ini
[INCLUDES]
before = common.conf

[Definition]
_daemon = sshd

failregex = ^%(__prefix_line)s[iI](?:llegal|nvalid) user .*? from <HOST>(?: port \d+)?\s*$
ignoreregex =

[Init]
journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
```

```ini
[sshd-invaliduser]
enabled = true
maxretry = 1
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
```
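
With `maxretry = 1` a single matching log line triggers a ban, so it is worth checking exactly which lines the `failregex` matches and which address it captures. The Python sketch below is an added example, not part of the original post: it applies the page's `failregex` to constructed log lines, and `PREFIX_LINE`, `HOST` and `TIMESTAMP` are simplified stand-ins assumed here for what fail2ban expands and strips itself.

```python
import re

# The page's failregex, copied verbatim from the filter above.
FAILREGEX = r"^%(__prefix_line)s[iI](?:llegal|nvalid) user .*? from <HOST>(?: port \d+)?\s*$"

# Assumed, simplified stand-ins for what fail2ban substitutes at load time;
# the real __prefix_line (common.conf) and <HOST> expansions are broader.
PREFIX_LINE = r"(?:\S+ )?sshd(?:\[\d+\])?:\s+"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

PATTERN = re.compile(
    FAILREGEX.replace("%(__prefix_line)s", PREFIX_LINE).replace("<HOST>", HOST)
)

# Leading syslog timestamp; fail2ban removes the date before applying failregex.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")


def banned_host(line):
    """Return the address the filter would act on, or None if the line does not match."""
    m = PATTERN.search(TIMESTAMP.sub("", line))
    return m.group("host") if m else None


# Constructed sample lines (documentation addresses, not real log data).
SAMPLE_LOG = [
    "Mar  3 10:15:01 web1 sshd[812]: Invalid user admin from 192.0.2.10 port 51234",
    "Mar  3 10:15:04 web1 sshd[815]: Invalid user oracle from 198.51.100.7",
    # Different message type: not matched, so not counted by this jail.
    "Mar  3 10:15:09 web1 sshd[820]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2",
    "Mar  3 10:15:12 web1 sshd[823]: Accepted publickey for deploy from 203.0.113.5 port 40022 ssh2",
    # The user field is free text; the end anchor ($) ensures only the
    # trailing address, the one sshd itself appended, is captured.
    "Mar  3 10:15:20 web1 sshd[830]: Invalid user x from 203.0.113.5 from 192.0.2.99 port 4000",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(banned_host(line), "<-", line)
```

On a host with fail2ban installed, its own `fail2ban-regex` tool performs the same check with the real expansions against the actual log.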