# Add the following to you fail2ban configuration file # In Debian it'd go in /etc/fail2ban/filter.d/sslh-ssh.conf # Fail2Ban filter for sslh demultiplexed ssh # # Doesn't (and cannot) detect auth errors, # but many connection attempts from the same # origin is reason enough to block. # # Verion: 2014-03-28 [INCLUDES] # no includes [Definition] failregex = ^.+ sslh\[.+\]: connection from :.+ to .+ forwarded from .+ to .+:ssh\s*$ ignoreregex = # Author: Evert Mouw