I have an public facing ssh server thats being beat on constantly this ive set the logging level to verbose and have a custom jail with this config
[fennectech@jasper ~]$ cat /etc/fail2ban/jail.d/sshd.local [sshd] enabled = true filter = sshd banaction = iptables backend = systemd maxretry = 5 findtime = 1d bantime = 2w ignoreip = 127.0.0.1/8
But it is not detecting the attackers that are banging on my front door.
im getting constant output like this in dmesg
[ 477.515913] audit: type=1100 audit(1578002868.083:149): pid=24591 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/bin/sshd" hostname=22.214.171.124 addr=126.96.36.199 terminal=ssh res=failed' [ 489.194660] audit: type=1100 audit(1578002879.755:150): pid=25157 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="pierre" exe="/usr/bin/sshd" hostname=188.8.131.52 addr=184.108.40.206 terminal=ssh res=failed'
I would like to have it block these types of requests