Tagged: ssh

Fail2ban not block SSH fail attempts

In my /etc/fail2ban/jail.conf file:

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
bantime  = -1
findtime  = 10m
maxretry = 5

So my Fail2ban should able to ban IP if the IP fails to attempt SSH 5 times within 10 minutes. But now Fail2ban not banning any IP

Solution: make sure Fail2ban service turned on

sudo fail2ban start
sudo fail2ban-client start</code></pre>

Then make sure /var/log/auth.log file exist in order to log the record

Finally restart rsyslog

sudo /etc/init.d/rsyslog restart

“WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!” occurred when trying to connect server via SSH

Problem: Use SSH to connect the server as usual, then occur WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! message

The target server is re-format before, the authentication information has been changed. You have to delete the old authentication information in your computer first.



ssh-keygen -R (target server IP)


Go to the host key directory, in my case the directory is “C:\Users\paulck.ssh”. Find the known_hosts file, delete the line that contains target server IP.

(target server IP) ecdsa-sha2-nistp256 (RSA key)