Did you restart both Fail2Ban AND sshd?
Are there any errors reading the config file?
Changed it in the jails.conf file and this was the result:
Code:
2013-09-06 07:14:46,075 fail2ban.filter : INFO Set maxRetry = 6
2013-09-06 07:14:46,077 fail2ban.filter : INFO Set findtime = 600
2013-09-06 07:14:46,077 fail2ban.actions: INFO Set banTime = 86400
2013-09-06 07:14:46,107 fail2ban.jail : INFO Jail 'ssh' started
On Ubuntu Srv 12.04.3 with LXDE loaded.
I put a 35 second setting into filter.d/sshd.conf and that was NOT taken. Don't know why not.
I don't know if this is an option for you, but if you have the router do port translation from any other port - perhaps 63099 on the internet to port 22 on the server, 95% of the attempts will go away. Then on the clients, setup the ~/.ssh/config file to automatically use whatever port you select for that specific server connection. Almost every ssh-based program will honor the ~/.ssh/config settings so there isn't any need to pass the port into those commands.
BTW, changed the time in the jails.conf file again
Code:
2013-09-06 07:22:11,642 fail2ban.filter : INFO Set maxRetry = 6
2013-09-06 07:22:11,643 fail2ban.filter : INFO Set findtime = 600
2013-09-06 07:22:11,643 fail2ban.actions: INFO Set banTime = 6400
2013-09-06 07:22:11,671 fail2ban.jail : INFO Jail 'ssh' started
See - it works.
Bookmarks