You have config errors that need to be fixed according to your post. As mghe suggested, check your 'ban action' for your ssh jail in /etc/fail2ban/jail.local.
Unfortunately, I am just a 'beginner' to fail2ban and documentation is POOR at best - but I have it running and banning. I found the "action" particularly UNCLEAR. I pounded my system until it started working. My (edited) SSH section looks like this - personal settings replaced with placeholders inside/including the "{}" braces. Don't use the braces, and substitute YOUR settings:
Code:
# SSH servers
#
[ssh-iptables]
enabled = true
filter = sshd
# The second action line is indented so it continues the "action" value
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest={MyEmailAddress}, sender=fail2ban@example.com, sendername="Fail2Ban {myMachineName}"]
maxretry = 1
# 172800 = 48 hours
#bantime = 172800
# 345600 = 96 hours
bantime = 345600
logpath = /var/log/secure
If you want emails (as I do above), then the bottom of /etc/fail2ban/fail2ban.local:
Code:
[MAIL]
enabled = true
to = {MyEmailAddress}
Yes - I have mine really 'tight'.
If you're editing the actual ".conf" files, you shouldn't be (read the top - where it tells you to COPY to a '.local' file which you then edit). Not catastrophic, but if you want it to work right ..
Hope this helps.
If you need something more diverse, I am no help to you but have seen posts here with more knowledge/experience than myself that tweak fail2ban to more specific settings.
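Added example, not part of the post above and not fail2ban's own code: a check of the jail section with Python's standard configparser, showing why the second line of a two-line "action" must be indented. It assumes configparser is an adequate stand-in for how fail2ban reads INI continuation lines; the e-mail address, the KNOWN option list and the check_jail helper are constructed for illustration.

```python
import configparser

# Constructed sample based on the jail in the post; the address is a placeholder.
INDENTED = """\
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=admin@example.com]
maxretry = 1
bantime = 345600
logpath = /var/log/secure
"""
# Same text with all leading whitespace removed, as happens when a config
# is copied from a page that strips indentation.
FLUSH_LEFT = "\n".join(line.lstrip() for line in INDENTED.splitlines())

# Illustrative (not exhaustive) set of option names expected in a jail section.
KNOWN = {"enabled", "filter", "action", "maxretry", "bantime",
         "findtime", "logpath", "port", "ignoreip", "backend"}


def check_jail(text, jail="ssh-iptables"):
    """Return the parsed actions, unexpected option names and ban time in hours."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sec = cp[jail]
    # An indented line is appended to the previous value, one action per line.
    actions = [a.strip() for a in sec.get("action", "").splitlines() if a.strip()]
    # A flush-left line is split at its first "=" and becomes a separate option.
    stray = sorted(k for k in sec if k not in KNOWN)
    return {"actions": actions,
            "stray_options": stray,
            "ban_hours": sec.getint("bantime") / 3600}


if __name__ == "__main__":
    for label, text in (("indented", INDENTED), ("flush left", FLUSH_LEFT)):
        print(label, check_jail(text))
```

With the flush-left text the mail action is not part of "action" at all: it is parsed as an option named "sendmail-whois[name", so only the iptables action remains.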