{"type":"rich","version":"1.0","provider_name":"phorkie","provider_url":"https:\/\/p.cweiske.de\/","title":"fail2ban: immediately block ssh connects with invalid user","author_name":"Christian Weiske","cache_age":86400,"width":900,"height":900,"html":"<!-- embedding all files of https:\/\/p.cweiske.de\/598 -->\n<link rel=\"stylesheet\" href=\"https:\/\/p.cweiske.de\/css\/embed.css\"\/>\n<div class=\"phork\" id=\"598\">\n    <div class=\"phork-file\">\n <div class=\"phork-content\">\n  \n<div class=\"document\">\n\n\n<p>This works with fail2ban 0.9.6-2 on Debian 9.<\/p>\n<\/div>\n\n <\/div>\n <div class=\"phork-meta\">\n  <a href=\"https:\/\/p.cweiske.de\/598\/rev-raw\/f29444715f5d1704bda3cf77e58cfb44f49ea26c\/README.rst\" style=\"float: right\">view raw source<\/a>\n  <a href=\"https:\/\/p.cweiske.de\/598#README.rst\">README.rst<\/a>\n <\/div>\n<\/div>\n    <div class=\"phork-file\">\n <div class=\"phork-content\">\n  <style type=\"text\/css\">\/**\n * GeSHi (C) 2004 - 2007 Nigel McNie, 2007 - 2014 Benny Baumann\n * (http:\/\/qbnz.com\/highlighter\/ and http:\/\/geshi.org\/)\n *\/\n.ini .de1, .ini .de2 {font: normal normal 1em\/1.2em monospace; margin:0; padding:0; background:none; vertical-align:top;}\n.ini  {font-family:monospace;}\n.ini .imp {font-weight: bold; color: red;}\n.ini li, .ini .li1 {color: #DDD;}\n.ini .ln {width:1px;text-align:right;margin:0;padding:0 2px;vertical-align:top;}\n.ini .co0 {color: #666666; font-style: italic;}\n.ini .sy0 {color: #000066; font-weight:bold;}\n.ini .st0 {color: #933;}\n.ini .re0 {color: #000066; font-weight:bold;}\n.ini .re1 {color: #000099;}\n.ini .re2 {color: #660066;}\n.ini span.xtra { display:block; }\n<\/style><div class=\"code\"><table class=\"ini\"><tbody><tr class=\"li1\"><td class=\"ln\"><pre class=\"de1\">1\n2\n3\n4\n5\n6\n7\n8\n9\n10\n11\n12\n<\/pre><\/td><td class=\"de1\"><pre class=\"de1\"><span class=\"re0\"><span class=\"br0\">&#91;<\/span>INCLUDES<span class=\"br0\">&#93;<\/span><\/span>\n<span class=\"re1\">before<\/span> <span class=\"sy0\">=<\/span><span class=\"re2\"> common.conf<\/span>\n&#160;\n<span class=\"re0\"><span class=\"br0\">&#91;<\/span>Definition<span class=\"br0\">&#93;<\/span><\/span>\n<span class=\"re1\">_daemon<\/span> <span class=\"sy0\">=<\/span><span class=\"re2\"> sshd<\/span>\n&#160;\n<span class=\"re1\">failregex<\/span> <span class=\"sy0\">=<\/span><span class=\"re2\"> ^%<span class=\"br0\">&#40;<\/span>__prefix_line<span class=\"br0\">&#41;<\/span>s<span class=\"re0\"><span class=\"br0\">&#91;<\/span>iI<span class=\"br0\">&#93;<\/span><\/span><span class=\"br0\">&#40;<\/span>?:llegal|nvalid<span class=\"br0\">&#41;<\/span> user .*? from &lt;HOST&gt;<span class=\"br0\">&#40;<\/span>?: port \\d+<span class=\"br0\">&#41;<\/span>?\\s*$<\/span>\n<span class=\"re1\">ignoreregex<\/span> <span class=\"sy0\">=<\/span> \n&#160;\n<span class=\"re0\"><span class=\"br0\">&#91;<\/span>Init<span class=\"br0\">&#93;<\/span><\/span>\n<span class=\"re1\">journalmatch<\/span> <span class=\"sy0\">=<\/span><span class=\"re2\"> _SYSTEMD_UNIT=sshd.service + _COMM=sshd<\/span>\n&#160;<\/pre><\/td><\/tr><\/tbody><\/table><\/div>\n <\/div>\n <div class=\"phork-meta\">\n  <a href=\"https:\/\/p.cweiske.de\/598\/rev-raw\/f29444715f5d1704bda3cf77e58cfb44f49ea26c\/filter.d\/sshd-invaliduser.conf\" style=\"float: right\">view raw source<\/a>\n  <a href=\"https:\/\/p.cweiske.de\/598#filter.d\/sshd-invaliduser.conf\">filter.d\/sshd-invaliduser.conf<\/a>\n <\/div>\n<\/div>\n    <div class=\"phork-file\">\n <div class=\"phork-content\">\n  <style type=\"text\/css\"><\/style><div class=\"code\"><table class=\"local\"><tbody><tr class=\"li1\"><td class=\"ln\"><pre class=\"de1\">1\n2\n3\n4\n5\n6\n7\n<\/pre><\/td><td class=\"de1\"><pre class=\"de1\">[sshd-invaliduser]\r\nenabled = true\r\nmaxretry = 1\r\nport &#160; &#160;= ssh\r\nlogpath = %(sshd_log)s\r\nbackend = %(sshd_backend)s\r\n&#160;<\/pre><\/td><\/tr><\/tbody><\/table><\/div>\n <\/div>\n <div class=\"phork-meta\">\n  <a href=\"https:\/\/p.cweiske.de\/598\/rev-raw\/f29444715f5d1704bda3cf77e58cfb44f49ea26c\/jail.local\" style=\"float: right\">view raw source<\/a>\n  <a href=\"https:\/\/p.cweiske.de\/598#jail.local\">jail.local<\/a>\n <\/div>\n<\/div>\n<\/div>\n"}