[sslh] fail2ban
Yves Rutschle
yves at naryves.com
Fri Oct 4 08:23:03 CEST 2013
On Thu, Oct 03, 2013 at 09:32:56AM +0100, Jon Spriggs wrote:
> Transparent mode adds an awful lot of other stuff that needs to be
> done. The "How to make it work" is in the README here:
An alternative would be to write the appropriate regexp for
fail2ban, extracting the data from sslh logs:
sslh[17582]: connection from <...> to <...> forwarded from localhost:52890 to localhost:ssh
-> if I see 5 connections to ssh from the same IP address,
there's something suspicious going on, ban that IP.
Y.
More information about the sslh
mailing list