fail2ban works just fine with sshd. I combine this GeoIP blocking ceetain troublesome locations in firewalls. 98% of my scanning / exploiting comes from 11 countries.
fail2ban is great, but only works on the local host.
The post says: "Right now our perimeter firewall is blind to whether a brief SSH connection was successful or not"
(I suspect there's a way to set up centralised logging and fail2ban running looking at those centralised logs and sending updates to a perimeter firewall, but that's not a typical deployment of fail2ban. Or at least is wasn't when I was heavily using it a while back.)
kemitche|1 year ago
niobe|1 year ago
bigiain|1 year ago
The post says: "Right now our perimeter firewall is blind to whether a brief SSH connection was successful or not"
(I suspect there's a way to set up centralised logging and fail2ban running looking at those centralised logs and sending updates to a perimeter firewall, but that's not a typical deployment of fail2ban. Or at least is wasn't when I was heavily using it a while back.)