[sslh] SSLH and Fail2ban

Yves Rutschle yves at naryves.com
Tue Jan 10 18:26:28 CET 2012


Hi, sorry about the delay, I just realised now that mailman
wasn't working...

On Thu, Dec 22, 2011 at 10:42:28PM +0100, Void And Any wrote:
> But I have a question, is sslh compatible with fail2ban ?
> [...]
> Is there a solution ?

I haven't tried it, but I think it should be possible to run
fail2ban directly on the sslh log:

Jan 10 10:11:07 thelonious sslh[23183]: connection from 84.14.115.254:36373 to 192.168.0.250:443 forwarded to 127.0.0.1:22

This is enough to see there is a connection from 84.14.115.254
to ssh. Basically it's not quite normal to see many ssh
connections from the same IP address, so you should be able
to make a rule to ban the source IP after "some"
connections.

This would cause a problem if you have many users connecting
to sslh from the same IP address, but I don't think that's a
common use case.

Y.
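
An added example, not part of the original message and not sslh or fail2ban code: the rule suggested above, written as a Python check that counts ssh-forwarded connections per source IP within a time window. The thresholds max_conn and window_s, the default year, and every sample line except the first are constructed; the pattern handles IPv4 sources only.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the sslh log format quoted in the message above, restricted to
# connections that sslh forwarded to a port 22 (ssh) target.
SSLH_SSH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sslh\[\d+\]: "
    r"connection from (?P<src>\d+\.\d+\.\d+\.\d+):\d+ "
    r"to \S+ forwarded to \S+:22$"
)

# First line is the one from the message; the rest are constructed samples.
SAMPLE = """\
Jan 10 10:11:07 thelonious sslh[23183]: connection from 84.14.115.254:36373 to 192.168.0.250:443 forwarded to 127.0.0.1:22
Jan 10 10:11:30 thelonious sslh[23183]: connection from 203.0.113.7:40001 to 192.168.0.250:443 forwarded to 127.0.0.1:22
Jan 10 10:11:40 thelonious sslh[23183]: connection from 203.0.113.9:51000 to 192.168.0.250:443 forwarded to 127.0.0.1:443
Jan 10 10:11:41 thelonious sslh[23183]: connection from 203.0.113.9:51001 to 192.168.0.250:443 forwarded to 127.0.0.1:443
Jan 10 10:11:42 thelonious sslh[23183]: connection from 203.0.113.9:51002 to 192.168.0.250:443 forwarded to 127.0.0.1:443
Jan 10 10:12:00 thelonious sslh[23183]: connection from 203.0.113.7:40002 to 192.168.0.250:443 forwarded to 127.0.0.1:22
Jan 10 10:12:10 thelonious sslh[23183]: connection from 198.51.100.20:60000 to 192.168.0.250:443 forwarded to 127.0.0.1:22
Jan 10 10:12:30 thelonious sslh[23183]: connection from 203.0.113.7:40003 to 192.168.0.250:443 forwarded to 127.0.0.1:22
"""

def find_offenders(lines, max_conn=3, window_s=600, year=2012):
    """Return {source_ip: time of the connection that reached max_conn}."""
    recent = defaultdict(deque)   # source IP -> timestamps inside the window
    offenders = {}
    for line in lines:
        m = SSLH_SSH.match(line.strip())
        if not m or m["src"] in offenders:
            continue              # not an ssh forward, or already flagged
        # syslog timestamps carry no year, so one is supplied (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop connections older than the window
        if len(q) >= max_conn:
            offenders[m["src"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE.splitlines()).items():
        print(f"{ip} reached the ssh connection threshold at {when}")
```

The three HTTPS forwards from 203.0.113.9 are ignored because only lines ending in a port 22 target count. As the message notes, several legitimate users behind one address would share a counter.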
