search

yakworks / docker-sftp

sftp with fail2ban and kubernetes support
https://hub.docker.com/r/yakworks/sftp/
MIT License
6 stars 5 forks source link

Does not ban private key auth attempts from correct username and wrong key #8

Open klack opened 1 week ago

klack commented 1 week ago

If I add PasswordAuthentication no to sshd_config for private key only login: Fail2ban does not ban failed key login attempts. It does work properly with PasswordAuthentication yes

klack commented 1 week ago

Seems to only happen when I try logging in, with the correct username, and wrong key. This is what the log looks like during this type of login:

Jun 20 20:32:01 22ee51f6401c sshd[170]: Connection from 172.17.0.1 port 39534 on 172.17.0.2 port 22
Jun 20 20:32:01 22ee51f6401c sshd[170]: Failed publickey for passsync from 172.17.0.1 port 39534 ssh2: RSA SHA256:BaFPEJCrMsuEVRETmanqBA16QNDoOX6Il74dIAkWnf8
Jun 20 20:32:01 22ee51f6401c sshd[170]: Failed publickey for passsync from 172.17.0.1 port 39534 ssh2: RSA SHA256:56vnqlx+iqMFXdOswA1ZG2i1/AAz5i2Nx8liaWfEl48
Jun 20 20:32:01 22ee51f6401c sshd[170]: Connection closed by authenticating user passsync 172.17.0.1 port 39534 [preauth]
Jun 20 20:32:01 22ee51f6401c sshd[172]: Connection from 172.17.0.1 port 39540 on 172.17.0.2 port 22
Jun 20 20:32:01 22ee51f6401c sshd[172]: Failed publickey for passsync from 172.17.0.1 port 39540 ssh2: RSA SHA256:BaFPEJCrMsuEVRETmanqBA16QNDoOX6Il74dIAkWnf8
Jun 20 20:32:01 22ee51f6401c sshd[172]: Failed publickey for passsync from 172.17.0.1 port 39540 ssh2: RSA SHA256:56vnqlx+iqMFXdOswA1ZG2i1/AAz5i2Nx8liaWfEl48
Jun 20 20:32:01 22ee51f6401c sshd[172]: Connection closed by authenticating user passsync 172.17.0.1 port 39540 [preauth]
Jun 20 20:32:02 22ee51f6401c sshd[174]: Connection from 172.17.0.1 port 39544 on 172.17.0.2 port 22
Jun 20 20:32:02 22ee51f6401c sshd[174]: Failed publickey for passsync from 172.17.0.1 port 39544 ssh2: RSA SHA256:BaFPEJCrMsuEVRETmanqBA16QNDoOX6Il74dIAkWnf8
Jun 20 20:32:02 22ee51f6401c sshd[174]: Failed publickey for passsync from 172.17.0.1 port 39544 ssh2: RSA SHA256:56vnqlx+iqMFXdOswA1ZG2i1/AAz5i2Nx8liaWfEl48
Jun 20 20:32:02 22ee51f6401c sshd[174]: Connection closed by authenticating user passsync 172.17.0.1 port 39544 [preauth]
Jun 20 20:32:02 22ee51f6401c sshd[176]: Connection from 172.17.0.1 port 39546 on 172.17.0.2 port 22
Jun 20 20:32:02 22ee51f6401c sshd[176]: Failed publickey for passsync from 172.17.0.1 port 39546 ssh2: RSA SHA256:BaFPEJCrMsuEVRETmanqBA16QNDoOX6Il74dIAkWnf8
Jun 20 20:32:02 22ee51f6401c sshd[176]: Failed publickey for passsync from 172.17.0.1 port 39546 ssh2: RSA SHA256:56vnqlx+iqMFXdOswA1ZG2i1/AAz5i2Nx8liaWfEl48
Jun 20 20:32:02 22ee51f6401c sshd[176]: Connection closed by authenticating user passsync 172.17.0.1 port 39546 [preauth]
Jun 20 20:32:02 22ee51f6401c sshd[178]: Connection from 172.17.0.1 port 39558 on 172.17.0.2 port 22
Jun 20 20:32:02 22ee51f6401c sshd[178]: Failed publickey for passsync from 172.17.0.1 port 39558 ssh2: RSA SHA256:BaFPEJCrMsuEVRETmanqBA16QNDoOX6Il74dIAkWnf8
Jun 20 20:32:02 22ee51f6401c sshd[178]: Failed publickey for passsync from 172.17.0.1 port 39558 ssh2: RSA SHA256:56vnqlx+iqMFXdOswA1ZG2i1/AAz5i2Nx8liaWfEl48
Jun 20 20:32:02 22ee51f6401c sshd[178]: Connection closed by authenticating user passsync 172.17.0.1 port 39558 [preauth]
Jun 20 20:32:02 22ee51f6401c sshd[180]: Connection from 172.17.0.1 port 39562 on 172.17.0.2 port 22
Jun 20 20:32:02 22ee51f6401c sshd[180]: Failed publickey for passsync from 172.17.0.1 port 39562 ssh2: RSA SHA256:BaFPEJCrMsuEVRETmanqBA16QNDoOX6Il74dIAkWnf8
Jun 20 20:32:02 22ee51f6401c sshd[180]: Failed publickey for passsync from 172.17.0.1 port 39562 ssh2: RSA SHA256:56vnqlx+iqMFXdOswA1ZG2i1/AAz5i2Nx8liaWfEl48
Jun 20 20:32:02 22ee51f6401c sshd[180]: Connection closed by authenticating user passsync 172.17.0.1 port 39562 [preauth]
Jun 20 20:32:02 22ee51f6401c sshd[182]: Connection from 172.17.0.1 port 39578 on 172.17.0.2 port 22
Jun 20 20:32:02 22ee51f6401c sshd[182]: Failed publickey for passsync from 172.17.0.1 port 39578 ssh2: RSA SHA256:BaFPEJCrMsuEVRETmanqBA16QNDoOX6Il74dIAkWnf8
Jun 20 20:32:02 22ee51f6401c sshd[182]: Failed publickey for passsync from 172.17.0.1 port 39578 ssh2: RSA SHA256:56vnqlx+iqMFXdOswA1ZG2i1/AAz5i2Nx8liaWfEl48
Jun 20 20:32:02 22ee51f6401c sshd[182]: Connection closed by authenticating user passsync 172.17.0.1 port 39578 [preauth]