I created a passwordless ssh login for one of my servers by using the authorized_keys file.
The server has fail2ban on it, and I noticed that after several successful logins I could no longer log in (connection timeout). If I disable fail2ban, I can once again log in. Is there a way to configure fail2ban to not count my successful logins against me?
Thanks!
I had a similar situation. Even when a successful login takes place, a 'Failed' message appears in the sshd log file (/var/log/messages). It is caused by this regular expression (see Chris S's answer):
matching lines like this from the /var/log/messages file:
When a user logs in successfully a 'Failed none' message still appears in the messages file.
To resolve this I changed the sshd_config file (/etc/ssh/sshd_config) to specify
rather than
This stops the 'Failed none' message for successful logins, but retains it for login failures.
I also considered updating the sshd.conf fail2ban configuration file and adding something to the 'ignoreregex' line, but updating sshd is a cleaner solution.
You can use the ignoreip config option to tell fail2ban to ignore your IP.
http://www.fail2ban.org/wiki/index.php/Commands
Into /etc/fail2ban/jail.conf add something like
My sshd.local file has this line to fix a similar problem. Compare yours, it should be similar:
This is not solving your issue but hopefully giving you an idea why it happens.
The ssh client is using ssh keys as you described. I assume your client has more than one ssh key listed in the ssh agent (ssh-add -l). In such a setup, the ssh client connects to the server and tries to authenticate using "one of the keys".
So what happens is that the ssh client tries one key after the other until one is accepted by the server.
Assuming 3 ssh keys, the worst case would result in 2 failed attempts followed by a successful login. Connecting multiple times within the "findtime" of fail2ban ... and you are banned.
I am currently looking for a solution as well. When I find it, I will share it. ;)
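To make the counting behaviour described in the answers above concrete, here is an added example that is not from the original thread or from the fail2ban project: a small simulation of fail2ban's sliding-window ban logic run over constructed sshd log lines. The log sample, the `findtime`/`maxretry` values and the exact-match `ignoreip` handling are assumptions (real fail2ban also accepts CIDR ranges in ignoreip).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of sshd lines from /var/log/messages (not from the original post).
# One client with three keys loaded logs in twice; each login leaves two rejected
# keys and one accepted key in the log, so two successful logins yield four failures.
SAMPLE_LOG = """\
Jun  4 10:00:01 srv sshd[2201]: Failed publickey for alice from 192.0.2.10 port 50101 ssh2
Jun  4 10:00:01 srv sshd[2201]: Failed publickey for alice from 192.0.2.10 port 50101 ssh2
Jun  4 10:00:02 srv sshd[2201]: Accepted publickey for alice from 192.0.2.10 port 50101 ssh2
Jun  4 10:04:30 srv sshd[2330]: Failed publickey for alice from 192.0.2.10 port 50102 ssh2
Jun  4 10:04:30 srv sshd[2330]: Failed publickey for alice from 192.0.2.10 port 50102 ssh2
Jun  4 10:04:31 srv sshd[2330]: Accepted publickey for alice from 192.0.2.10 port 50102 ssh2
"""

# Matches any "Failed <method> for <user> from <ip>" line, the same shape the
# fail2ban sshd filter keys on ("Failed none" from the first answer included).
FAIL_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"Failed \S+ for (?:invalid user )?\S+ from (?P<ip>[\d.]+)")

def parse_ts(stamp, year=2024):
    # syslog timestamps carry no year; the year is an assumption for the sample
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def simulate(log, findtime=600, maxretry=3, ignoreip=()):
    """Return {ip: timestamp_of_ban}. Mirrors fail2ban's rule: ban an IP once
    `maxretry` matched failures fall inside a `findtime`-second window.
    Successful logins are never examined, so they cannot offset failures."""
    hits = defaultdict(deque)
    banned = {}
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["ip"] in ignoreip or m["ip"] in banned:
            continue
        ts = parse_ts(m["ts"])
        window = hits[m["ip"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()          # drop failures older than findtime
        if len(window) >= maxretry:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    print("default:", simulate(SAMPLE_LOG))
    print("ignoreip:", simulate(SAMPLE_LOG, ignoreip=("192.0.2.10",)))
```

With the defaults the client is banned on its second successful login; listing the address in ignoreip, or raising maxretry above the number of keys the client offers, avoids the ban.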