Fail2Ban does not block failed login attempts via SSH key-based

Created:

2016-11-16 13:08:18 UTC

Modified:

2017-08-08 13:36:11 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Fail2Ban does not block failed login attempts via SSH key-based

Applicable to:

  • Plesk 12.5 for Linux

Symptoms

  1. SSH is configured to use key-based authentication
  2. ssh jail is activated in Fail2Ban
  3. Fail2Ban detects failed login attempts in /var/log/secure
  4. Fail2Ban does not block access to Plesk via ssh after detecting required number of failed login attempts

Cause

Fail2Ban does not block access to Plesk for ssh key-based authentication. ssh jail is applied to password-based authentication only.

Resolution

It is not required to block failed login attempts via ssh with key-based authentication as there is no practical way to brute-force the key. Any login attempts will fail anyway because they won't have the matching key.

Fail2Ban will perfectly block IPv4 brute-force attempts via ssh when password authorization is required.

Have more questions? Submit a request
Please sign in to leave a comment.