fail2ban false positives on people01.haj.ipfire.org (was: Re: git send-email Undefined subroutine &IO::Socket::SSL)

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: peter.mueller@ipfire.org
To: development@lists.ipfire.org
Subject: fail2ban false positives on people01.haj.ipfire.org (was: Re: git send-email Undefined subroutine &IO::Socket::SSL)
Date: Thu, 19 Sep 2019 16:22:00 +0000	[thread overview]
Message-ID: <4a8d40b1-aef1-a6cf-031c-6358a7d679e1@ipfire.org> (raw)
In-Reply-To: <49FD3D92-6860-46A4-8AF3-2478C24B798D@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 1046 bytes --]

Hello Erik, hello Michael, hello *,

thank you for reporting fail2ban being too restrictive on SSH
service running at people01. It is now configured to be more
relaxed and blocking IP addresses for a shorter amount of time.

I do not expect any troubles with these settings, except for
extremely sloppy users. :-) However, they are too relaxed in
my point of view, and I would like to raise them back to old values
some day.

Besides typos entering passwords - which unfortunately is a
backside of running Kerberos, SSH access with public keys is
somewhat breaking that design -, I cannot really imagine of
other authentication failures for legitimate users.

If possible, I would like to ask anybody who has SSH access
on people.ipfire.org to clean up their SSH settings, i.e. drop
old keys which are not being used anymore. Let me know if I
have overlooked something.

Thanks, and best regards,
Peter Müller

P.S.: Fail2ban is still active with more strict configuration
for Submissions and IMAPS, haven't heard any complaints there
so far...

     prev parent reply	other threads:[~2019-09-19 16:22 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-17  4:54 git send-email Undefined subroutine &IO::Socket::SSL ummeegge
2019-09-17 13:39 ` Michael Tremer
2019-09-17 14:17   ` ummeegge
2019-09-17 20:05     ` Michael Tremer
2019-09-18  5:01       ` ummeegge
2019-09-18 12:29         ` Michael Tremer
2019-09-18 12:57           ` ummeegge
2019-09-19 13:14             ` Michael Tremer
2019-09-19 14:34               ` ummeegge
2019-09-23 22:33                 ` Michael Tremer
2019-09-19 16:22               ` peter.mueller [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4a8d40b1-aef1-a6cf-031c-6358a7d679e1@ipfire.org \
    --to=peter.mueller@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox