Dear fail2ban, valid ssh logins with broken reverse DNS are 'normal' / 2015-10-27

I got locked out of my own server due to fail2ban triggering on:
sshd[12449]: Address aaa.bbb.ccc.ddd maps to something.example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
sshd[12723]: Address aaa.bbb.ccc.ddd maps to something.example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
sshd[12916]: Address aaa.bbb.ccc.ddd maps to something.example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
That was just a few scp actions in short succession, and no reason to lock me out!

I updated /etc/fail2ban/filter.d/sshd.conf and removed this from the failregex:
^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
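Added example, not part of the original post and not fail2ban's own code: a small Python model of how this failregex counts the reverse DNS warning as a failure even when the login succeeds, and what changes once the rule is removed. The prefix and <HOST> expansions, the password-failure rule, the sample log (documentation addresses) and maxretry=3 are simplified assumptions.

```python
import re
from collections import Counter

# Simplified stand-ins (assumptions) for fail2ban's own substitutions.
PREFIX = r"sshd\[\d+\]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The rule removed in the post, plus a simplified password-failure rule for contrast.
BREAKIN = r"^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$"
FAILED_PW = r"^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d+)?(?: ssh\d*)?\s*$"


def compile_failregex(template):
    """Expand %(__prefix_line)s and <HOST> into a plain Python regex."""
    expanded = template.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST)
    return re.compile(expanded)


def banned_hosts(lines, templates, maxretry=3):
    """Hosts whose count of matching lines reaches maxretry (find time ignored)."""
    rules = [compile_failregex(t) for t in templates]
    hits = Counter()
    for line in lines:
        for rule in rules:
            match = rule.search(line)
            if match:
                hits[match.group("host")] += 1
                break  # one failure per log line
    return sorted(host for host, count in hits.items() if count >= maxretry)


# Constructed sample log: 192.0.2.10 logs in successfully three times but has
# broken reverse DNS; 198.51.100.7 is guessing passwords.
SAMPLE = []
for pid in (12449, 12723, 12916):
    SAMPLE.append(f"sshd[{pid}]: Address 192.0.2.10 maps to something.example.com, "
                  "but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!")
    SAMPLE.append(f"sshd[{pid}]: Accepted publickey for user from 192.0.2.10 port 50122 ssh2")
    SAMPLE.append(f"sshd[{pid + 1}]: Failed password for invalid user admin "
                  "from 198.51.100.7 port 4022 ssh2")

if __name__ == "__main__":
    # With the rule, the valid user is banned alongside the password guesser.
    print("with rule:   ", banned_hosts(SAMPLE, [BREAKIN, FAILED_PW]))
    # Without it, only real authentication failures count.
    print("without rule:", banned_hosts(SAMPLE, [FAILED_PW]))
```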


Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4