sshguard malfunction [bug report?]



  • it seems that sshguard in the current version2.4.4-RELEASE-p3 (amd64) (did not have that "effect" in 2.4.0) recognizes regular (periodically) connections of i.e. our nagios monitoring (check_ssh) as "abuse" and blocks that IP in "GUI and SSH lock table".

    And it seems that it is not possible to overwrite this behaviour in Firewall.

    The SSHD is configured and running on a non-standard port and opened to the public IP of the monitor host.

    From logs:

    sshguard	11678	Blocking "A.B.C.D/32" for 122880 secs (15 attacks in 1679 secs, after 11 abuses over 150490 secs.)
    

    Before i start to fiddle with any config files manually, i try to report this here as a possible bug (or as a "feature request" to establish a "lockout rule" for (privileged) monitor hosts/networks).

    many thanks for your time.

    niels.


  • Galactic Empire

    Tried adding your hosts to the whitelist at the bottom of the page ?

    System -> Advanced -> Admin Access -> Login Protection



  • many thanks you for the hint / workaround. Overseen this "Login protection" yet (looked for sshguard anywhere...ß) and try this now...

    come back to mark solved if this works.


Log in to reply