Hello everyone,
I recently added Fail2Ban to my Proxmox VE server and my VMs to harden the security.
After testing everything seems to be working as expected.
When I fail to authenticate myself (during testing) in the web GUI of Proxmox VE, I get banned as expected.
Now I have been running Fail2Ban for a couple of weeks and observed the following:
The Proxmox VE filter as described in the wiki (Wiki Article) does not get banned IPs, and very little fails. (Only got 2 a 3 fails in a couple of weeks.)
The sshd filter gets a lot of banned IPs (75 total).
Now I would assume this is due to sshd being way more tested for common usernames and passwords as basicly every linux system runs sshd on port 22.
But I was wondering if any other Proxmox VE admin who use Fail2Ban with the Proxmox VE filter see this behavior. (And thus verifying my findings are correct and normal.)
Thanks in advance.
I recently added Fail2Ban to my Proxmox VE server and my VMs to harden the security.
After testing everything seems to be working as expected.
When I fail to authenticate myself (during testing) in the web GUI of Proxmox VE, I get banned as expected.
Now I have been running Fail2Ban for a couple of weeks and observed the following:
The Proxmox VE filter as described in the wiki (Wiki Article) does not get banned IPs, and very little fails. (Only got 2 a 3 fails in a couple of weeks.)
The sshd filter gets a lot of banned IPs (75 total).
Now I would assume this is due to sshd being way more tested for common usernames and passwords as basicly every linux system runs sshd on port 22.
But I was wondering if any other Proxmox VE admin who use Fail2Ban with the Proxmox VE filter see this behavior. (And thus verifying my findings are correct and normal.)
Thanks in advance.
