
I got over 3k failed login attempts yesterday morning, which was the most I've ever seen. I did some research and Fail2Ban seems to be a good step toward stopping this. I have installed it and it seems to be going OK, but I have noticed that it is blocking access from anything that isn't an SSH client.

I use Windows and I like to keep backups of the server on my laptop. I use Cygwin to give me access to rsync. I also use WinSCP to log into the server to modify any files, as I am completely useless at using vi. When Fail2Ban is running, I can no longer access my server using either of these applications.

I am running CentOS 6 and I am using the root user to log in with both applications. Is there a way to get around this without causing security issues?

This is the error I get from WinSCP.

Cannot initialize SFTP protocol. Is the host running a SFTP server?

Dan Hastings

1 Answer


The fail2ban utility should only block connections that have triggered it. If it is blocking things that it should not, you will have to figure out why and take appropriate action. You can use the command line utility fail2ban-client to gather information about what is configured, blocked, etc.

Other general stuff:

  • Don't log in as root; use sudo instead. Disable root login via SSH completely.
  • Use keys not passwords
  • Use a special account for your backup.
    • Use keys for this account.
    • Ensure that only certain commands are allowed using the keys.
user9517
  • I can still connect using an SSH client though, so it doesn't seem to be blocking my IP. I get an error from WinSCP saying "Cannot initialize SFTP protocol. Is the host running a SFTP server?". Something else about max packet size. Doesn't seem to be an issue without fail2ban running though – Dan Hastings Jan 11 '17 at 10:37
  • Why did you say it was blocking you then in your question? Did you check your server side logs yet? – user9517 Jan 11 '17 at 10:39
  • It's blocking Cygwin and WinSCP. I mentioned it was allowing SSH. I did, but it's most definitely fail2ban that's causing this. I can connect just fine when the service is disabled – Dan Hastings Jan 11 '17 at 10:56
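
The answer's last recommendation (a dedicated backup account whose key only allows certain commands) can be checked mechanically. The following is an added example, not part of the original thread: it parses `authorized_keys` lines, including quoted `command="..."` values that contain commas and spaces, and reports keys with no forced command or missing restriction options. The sample file, account names, paths and the `rrsync` location are constructed assumptions.

```python
# Added example: audit an authorized_keys file for keys that are not command-restricted.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
# Restrictions expected beside a forced command; OpenSSH 7.2+ also accepts "restrict".
WANTED = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def split_options(line):
    """Split the leading options field; commas/spaces inside "..." do not separate."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line
    fields, buf, quoted, prev, end = [], "", False, "", len(line)
    for i, ch in enumerate(line):
        if ch == '"' and prev != "\\":      # \" inside a value does not close it
            quoted = not quoted
        if not quoted and ch in ", \t":
            fields.append(buf)
            buf = ""
            if ch != ",":                   # first unquoted whitespace ends the options
                end = i
                break
        else:
            buf += ch
        prev = ch
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        if value[:1] == '"' == value[-1:]:
            value = value[1:-1]
        opts[name.lower()] = value          # option keywords are case-insensitive
    return opts, line[end:].strip()

def audit(text):
    """Return (line number, key comment, problems) for each key that is not locked down."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, rest = split_options(line)
        problems = [] if "command" in opts else ["no forced command"]
        if "restrict" not in opts:
            problems += sorted("missing " + o for o in WANTED - set(opts))
        if problems:
            parts = rest.split(None, 2)
            findings.append((n, parts[2] if len(parts) > 2 else "", problems))
    return findings

SAMPLE = '''\
# constructed sample; key material is a placeholder
ssh-rsa AAAAB3PLACEHOLDER dan@laptop
command="/usr/local/bin/rrsync -ro /var/www",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3PLACEHOLDER backup@laptop
command="rsync --server --sender -logDtpr . \\"/srv/a, b\\"",no-pty ssh-rsa AAAAB3PLACEHOLDER backup2@laptop
'''
```

Running `audit(SAMPLE)` flags the unrestricted key on line 2 and the partially restricted key on line 4, while the fully restricted backup key on line 3 passes.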