rich1.0phorkiehttps://p.cweiske.de/fail2ban: immediately block ssh connects with invalid userChristian Weiske86400900900<!-- embedding all files of https://p.cweiske.de/598 -->
<link rel="stylesheet" href="https://p.cweiske.de/css/embed.css"/>
<div class="phork" id="598">
<div class="phork-file">
<div class="phork-content">
<div class="document">
<p>This works with fail2ban 0.9.6-2 on Debian 9.</p>
</div>
</div>
<div class="phork-meta">
<a href="https://p.cweiske.de/598/rev-raw/f29444715f5d1704bda3cf77e58cfb44f49ea26c/README.rst" style="float: right">view raw source</a>
<a href="https://p.cweiske.de/598#README.rst">README.rst</a>
</div>
</div>
<div class="phork-file">
<div class="phork-content">
<style type="text/css">/**
* GeSHi (C) 2004 - 2007 Nigel McNie, 2007 - 2014 Benny Baumann
* (http://qbnz.com/highlighter/ and http://geshi.org/)
*/
.ini .de1, .ini .de2 {font: normal normal 1em/1.2em monospace; margin:0; padding:0; background:none; vertical-align:top;}
.ini {font-family:monospace;}
.ini .imp {font-weight: bold; color: red;}
.ini li, .ini .li1 {color: #DDD;}
.ini .ln {width:1px;text-align:right;margin:0;padding:0 2px;vertical-align:top;}
.ini .co0 {color: #666666; font-style: italic;}
.ini .sy0 {color: #000066; font-weight:bold;}
.ini .st0 {color: #933;}
.ini .re0 {color: #000066; font-weight:bold;}
.ini .re1 {color: #000099;}
.ini .re2 {color: #660066;}
.ini span.xtra { display:block; }
</style><div class="code"><table class="ini"><tbody><tr class="li1"><td class="ln"><pre class="de1">1
2
3
4
5
6
7
8
9
10
11
12
</pre></td><td class="de1"><pre class="de1"><span class="re0"><span class="br0">[</span>INCLUDES<span class="br0">]</span></span>
<span class="re1">before</span> <span class="sy0">=</span><span class="re2"> common.conf</span>
 
<span class="re0"><span class="br0">[</span>Definition<span class="br0">]</span></span>
<span class="re1">_daemon</span> <span class="sy0">=</span><span class="re2"> sshd</span>
 
<span class="re1">failregex</span> <span class="sy0">=</span><span class="re2"> ^%<span class="br0">(</span>__prefix_line<span class="br0">)</span>s<span class="re0"><span class="br0">[</span>iI<span class="br0">]</span></span><span class="br0">(</span>?:llegal|nvalid<span class="br0">)</span> user .*? from <HOST><span class="br0">(</span>?: port \d+<span class="br0">)</span>?\s*$</span>
<span class="re1">ignoreregex</span> <span class="sy0">=</span>
 
<span class="re0"><span class="br0">[</span>Init<span class="br0">]</span></span>
<span class="re1">journalmatch</span> <span class="sy0">=</span><span class="re2"> _SYSTEMD_UNIT=sshd.service + _COMM=sshd</span>
 </pre></td></tr></tbody></table></div>
</div>
<div class="phork-meta">
<a href="https://p.cweiske.de/598/rev-raw/f29444715f5d1704bda3cf77e58cfb44f49ea26c/filter.d/sshd-invaliduser.conf" style="float: right">view raw source</a>
<a href="https://p.cweiske.de/598#filter.d/sshd-invaliduser.conf">filter.d/sshd-invaliduser.conf</a>
</div>
</div>
<div class="phork-file">
<div class="phork-content">
<style type="text/css"></style><div class="code"><table class="local"><tbody><tr class="li1"><td class="ln"><pre class="de1">1
2
3
4
5
6
7
</pre></td><td class="de1"><pre class="de1">[sshd-invaliduser]
enabled = true
maxretry = 1
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
 </pre></td></tr></tbody></table></div>
</div>
<div class="phork-meta">
<a href="https://p.cweiske.de/598/rev-raw/f29444715f5d1704bda3cf77e58cfb44f49ea26c/jail.local" style="float: right">view raw source</a>
<a href="https://p.cweiske.de/598#jail.local">jail.local</a>
</div>
</div>
</div>