[SAC] [OSGeo] #1667: ssh login to upload.osgeo.org not possible
Sandro Santilli
strk at keybit.net
Wed May 4 03:48:26 PDT 2016
On Wed, May 04, 2016 at 12:32:31PM +0200, Markus Neteler wrote:
> On Wed, May 4, 2016 at 10:00 AM, Sandro Santilli <strk at keybit.net> wrote:
> > Markus, I found a mention of fail2ban on the wiki:
> > https://wiki.osgeo.org/wiki/SAC:Standard_System_Setup#Fail2ban
> > You could maybe move that content to a SAC:fail2ban or similar,
> > adding the usage instructions ?
>
> Sure. Here you go..:
> https://wiki.osgeo.org/wiki/SAC:fail2ban
Thanks a lot !
So, following instruction I see that:
(1) both fail2ban and denyhosts are running
(2) fail2ban and denyhosts configurations differ
See for example:
# Denyhosts banned this IP and will not unban before 1 week:
2016-05-03 23:49:34,716 - denyhosts : INFO new denied hosts: ['208.67.1.237']
# fail2ban banned the same IP at the same time
# but unbanned after 10 minutes:
2016-05-03 23:49:13,268 fail2ban.actions: WARNING [ssh] Ban 208.67.1.237
2016-05-03 23:59:13,932 fail2ban.actions: WARNING [ssh] Unban 208.67.1.237
I've to say I like the 10 minutes expiration better than the 1 week one,
but maybe it could be made an intermediate value of an hour or so.
Would it make sense to keep the fail2ban configuration under a git
repository to be shared among the different machines ?
Alex: could you disable denyhosts after ensuring fail2ban can deal
with all the same things ?
--strk;
More information about the Sac
mailing list