Hello Erik, hello Michael, hello *,
thank you for reporting fail2ban being too restrictive on SSH service running at people01. It is now configured to be more relaxed and blocking IP addresses for a shorter amount of time.
I do not expect any troubles with these settings, except for extremely sloppy users. :-) However, they are too relaxed in my point of view, and I would like to raise them back to old values some day.
Besides typos entering passwords - which unfortunately is a backside of running Kerberos, SSH access with public keys is somewhat breaking that design -, I cannot really imagine of other authentication failures for legitimate users.
If possible, I would like to ask anybody who has SSH access on people.ipfire.org to clean up their SSH settings, i.e. drop old keys which are not being used anymore. Let me know if I have overlooked something.
Thanks, and best regards, Peter Müller
P.S.: Fail2ban is still active with more strict configuration for Submissions and IMAPS, haven't heard any complaints there so far...