sshguard blocks the remote client at 1st mistake regardless of THRESHOLD option value

Issue #140 closed
Former user created an issue

Issue: sshguard blocks the remote client at 1st mistake regardless of THRESHOLD option value

OS: Debian Linux 10.9

SSH server: openssh-server 1:7.9p1-10+deb10

sshguard version: 2.3.1-1

Changing the 'THRESHOLD' option in the /etc/sshguard/sshguard.conf file doesn't have any effect on the sshguard behavior! It always blocks the ssh client after the 1st mistake! (bad userid, bad password, ...)

Comments (6)

  1. Kevin Zheng
    • changed status to open

    Would you mind double-checking that the Debian scripts that start SSHGuard don't override the threshold setting via the command-line?

  2. Dr. Majid Tajamolian

    OK, I did it:

    /etc/init.d/sshguard

    ...
    DAEMON_ARGS="-i $PIDFILE"
    ...
    case "$1" in
            start)
            log_daemon_msg "Starting $DESC" "$NAME"
            if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON --background -- $DAEMON_ARGS; then
                    log_end_msg 0
            else
                    log_end_msg 1
            fi
            ;;
    ...
    

    As you can see above, there is NOT any option overwrite in the Debian start/stop script.

  3. Kevin Zheng

    I noticed now that you are running SSHGuard 2.3.1. SSHGuard 2.4.2 (the latest version) removed a few attack signatures that were causing one SSH login failure to possibly be detected as several. Are you able to test again with SSHGuard 2.4.2?
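
The effect described in the last comment, one login failure counted as several attacks, can be modelled with a short script. This is an added example, not SSHGuard's code and not part of the thread: the regexes are hypothetical stand-ins for attack signatures, the log lines are constructed, and the per-match score of 10 and threshold of 30 are assumptions of the model.

```python
import re
from collections import defaultdict

ATTACK_SCORE = 10  # assumption: score added per matching log line

# Hypothetical signatures for illustration; not SSHGuard's real parser rules.
SIGNATURES = {
    "invalid_user": re.compile(r"Invalid user \S+ from (?P<ip>[\d.]+)"),
    "pam_failure": re.compile(r"authentication failure;.*rhost=(?P<ip>[\d.]+)"),
    "failed_password": re.compile(
        r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)"),
}

# Constructed sample: the sshd lines written for ONE failed login attempt.
ONE_FAILED_LOGIN = """\
Apr 10 12:00:01 host sshd[4242]: Invalid user bob from 203.0.113.7 port 50522
Apr 10 12:00:03 host sshd[4242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7
Apr 10 12:00:05 host sshd[4242]: Failed password for invalid user bob from 203.0.113.7 port 50522 ssh2
""".splitlines()


def score(lines, threshold, active):
    """Return {ip: (cumulative_score, blocked)} using only the active signatures."""
    totals = defaultdict(int)
    for line in lines:
        for name in active:
            m = SIGNATURES[name].search(line)
            if m:
                totals[m.group("ip")] += ATTACK_SCORE
                break  # count each log line at most once
    # Model assumption: block once the total reaches the threshold.
    return {ip: (s, s >= threshold) for ip, s in totals.items()}


if __name__ == "__main__":
    # Overlapping signatures: a single failed login already reaches 30.
    print(score(ONE_FAILED_LOGIN, 30, list(SIGNATURES)))
    # One signature per failure: the same login scores 10 and is not blocked.
    print(score(ONE_FAILED_LOGIN, 30, ["failed_password"]))
```

Running the same comparison against the lines your own sshd writes for a single bad password shows whether the first-mistake block comes from overlapping matches rather than from the configured threshold being ignored.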
