1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
# Add the following to you fail2ban configuration file
# In Debian it'd go in /etc/fail2ban/filter.d/sslh-ssh.conf
# Fail2Ban filter for sslh demultiplexed ssh
#
# Doesn't (and cannot) detect auth errors,
# but many connection attempts from the same
# origin is reason enough to block.
#
# Verion: 2014-03-28
[INCLUDES]
# no includes
[Definition]
failregex = ^.+ sslh\[.+\]: connection from <HOST>:.+ to .+ forwarded
from .+ to .+:ssh\s*$
ignoreregex =
# Author: Evert Mouw <post@evert.net>
|
