- changed status to open
sshguard blocks the remote client at 1st mistake regardless of THRESHOLD option value
Issue: sshguard blocks the remote client at 1st mistake regardless of THRESHOLD option value
OS: Debian Linux 10.9 SSH server: openssh-server 1:7.9p1-10+deb10 sshguard version: 2.3.1-1
Changing the 'THRESHOLD' option in /etc/sshguard/sshguard.conf file doesn't have effect in the sshguard behavior! It always blocks the ssh client after 1st mistake! (bad userid, bad password, ...)
Comments (6)
-
-
OK, I did it:
/etc/init.d/sshguard
... DAEMON_ARGS="-i $PIDFILE" ... case "$1" in start) log_daemon_msg "Starting $DESC" "$NAME" if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON --background -- $DAEMON_ARGS; then log_end_msg 0 else log_end_msg 1 fi ;; ...
As you see above, there is NOT any option overwrite in the debian start/stop script.
-
I noticed now that you are running SSHGuard 2.3.1. SSHGuard 2.4.2 (the latest version) removed a few attack signatures that was causing one SSH login failure to possibly be detected as several. Are you able to test again with SSHGuard 2.4.2?
-
Unfortunately all of the Debian packages for sshguard in the main repo are outdated!
Is the matter related to the following bug report in Debian?
-
It might be related to that issue, though I can’t confirm since I’m not on Debian.
2.4.2 also fixes these two issues:
- https://bitbucket.org/sshguard/sshguard/issues/137/sshd-overblocking-on-invalid-user
- https://bitbucket.org/sshguard/sshguard/issues/139/ssh-block-after-just-a-single-or-two-login
-
- changed status to closed
Please re-open if the problem persists after updating SSHGuard.
- Log in to comment
Would you mind double-checking that the Debian scripts that start SSHGuard don't override the threshold setting via the command-line?