Attacks against valid users don't get caught

Bug #152964 reported by Nighty
Affects Status Importance Assigned to Milestone
fail2ban (Debian)
Fix Released
fail2ban (Ubuntu)
Fix Released
Jamie Strandboge

Bug Description

Binary package hint: fail2ban

The current configuration shipped with version 0.7.6-3ubuntu1 of fail2ban fails to catch failed login attempts for valid users. Example line of my /var/log/auth.log that didn't get matched:

Oct 13 10:16:34 tardis sshd[18845]: Failed password for nighty from port 38046 ssh2

Replacing the following line in /etc/fail2ban/filter.d/sshd.conf:

(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid))? user .*(?: from|FROM) <HOST>


(?:Authentication failure|Failed [-/\w+]+) for .*(?: from|FROM) <HOST>

remedies this. Just tested it from 2 remote hosts to my machine, and it catches wrong passwords as well as empty passwords, like the old rule did, but this time also for existing users.

Changed in fail2ban:
assignee: nobody → jamie-strandboge
Changed in fail2ban:
status: Unknown → Fix Released
Revision history for this message
Wouter Stomp (wouterstomp-deactivatedaccount) wrote :

According to the upstream bug report, this bug was no in the debian version of the package, which was later synced to ubuntu. So it should be fixed now.

Changed in fail2ban:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.