[sslh] fail2ban

[Yves Rutschle]

On Thu, Oct 03, 2013 at 09:32:56AM +0100, Jon Spriggs wrote:
> Transparent mode adds an awful lot of other stuff that needs to be
> done. The "How to make it work" is in the README here:

An alternative would be to write the appropriate regexp for
fail2ban, extracting the data from sslh logs:

sslh[17582]: connection from <...> to <...> forwarded from localhost:52890 to localhost:ssh

-> if I see 5 connections to ssh from the same IP address,
there's something suspicious going on, ban that IP.

Y.