Bonjour,
J'ai connu une petite tentative d'intrusion. Le plus souvent elles viennent de Chine. Les services "abuse" des FAI chinois ne répondent pas ou leurs boîtes mails sont saturées. La semaine dernière c'était une IP française. J'ai pu contacter le service abuse d'Online qui m'a répondu. Apparemment le nécessaire a été fait. Cependant, j'aimerais mieux comprendre le fonctionnement d'un programme d'intrusion. Accessoirement, j'aimerais aussi savoir pourquoi Fail2ban n'a pas mieux réagi. Voici d'abord un extrait d'auth.log et ensuite mes questions.
Jan 28 18:13:02 tbr CRON[1979]: pam_unix(cron:session): session closed for user root
Jan 28 18:14:01 tbr CRON[2027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:14:01 tbr CRON[2027]: pam_unix(cron:session): session closed for user root
Jan 28 18:15:01 tbr CRON[2070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:15:01 tbr CRON[2070]: pam_unix(cron:session): session closed for user root
Jan 28 18:15:27 tbr sshd[2113]: Invalid user 123abc from 62.210.177.88
Jan 28 18:15:27 tbr sshd[2113]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:15:27 tbr sshd[2113]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:15:27 tbr sshd[2113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:15:29 tbr sshd[2113]: Failed password for invalid user 123abc from 62.210.177.88 port 43893 ssh2
Jan 28 18:15:29 tbr sshd[2113]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:16:01 tbr CRON[2115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:16:02 tbr CRON[2115]: pam_unix(cron:session): session closed for user root
Jan 28 18:16:55 tbr sshd[2159]: Invalid user 123abc from 62.210.177.88
Jan 28 18:16:55 tbr sshd[2159]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:16:55 tbr sshd[2159]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:16:55 tbr sshd[2159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:16:57 tbr sshd[2159]: Failed password for invalid user 123abc from 62.210.177.88 port 36586 ssh2
Jan 28 18:16:57 tbr sshd[2159]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:17:01 tbr CRON[2162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:17:01 tbr CRON[2161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:17:01 tbr CRON[2162]: pam_unix(cron:session): session closed for user root
Jan 28 18:17:01 tbr CRON[2161]: pam_unix(cron:session): session closed for user root
Jan 28 18:18:01 tbr CRON[2207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:18:01 tbr CRON[2207]: pam_unix(cron:session): session closed for user root
Jan 28 18:18:25 tbr sshd[2251]: Invalid user 123abc from 62.210.177.88
Jan 28 18:18:25 tbr sshd[2251]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:18:25 tbr sshd[2251]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:18:25 tbr sshd[2251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:18:27 tbr sshd[2251]: Failed password for invalid user 123abc from 62.210.177.88 port 57485 ssh2
Jan 28 18:18:27 tbr sshd[2251]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:19:01 tbr CRON[2253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:19:02 tbr CRON[2253]: pam_unix(cron:session): session closed for user root
Jan 28 18:19:55 tbr sshd[2296]: Invalid user 123abc from 62.210.177.88
Jan 28 18:19:55 tbr sshd[2296]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:19:55 tbr sshd[2296]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:19:55 tbr sshd[2296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:19:57 tbr sshd[2296]: Failed password for invalid user 123abc from 62.210.177.88 port 50212 ssh2
Jan 28 18:19:57 tbr sshd[2296]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:20:01 tbr CRON[2298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:20:01 tbr CRON[2298]: pam_unix(cron:session): session closed for user root
Jan 28 18:21:01 tbr CRON[2341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:21:02 tbr CRON[2341]: pam_unix(cron:session): session closed for user root
Jan 28 18:21:24 tbr sshd[2384]: Invalid user 123abc from 62.210.177.88
Jan 28 18:21:24 tbr sshd[2384]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:21:24 tbr sshd[2384]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:21:24 tbr sshd[2384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:21:27 tbr sshd[2384]: Failed password for invalid user 123abc from 62.210.177.88 port 42876 ssh2
Jan 28 18:21:27 tbr sshd[2384]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:22:01 tbr CRON[2386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:22:01 tbr CRON[2386]: pam_unix(cron:session): session closed for user root
Jan 28 18:22:54 tbr sshd[2429]: Invalid user 123abc from 62.210.177.88
Jan 28 18:22:54 tbr sshd[2429]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:22:54 tbr sshd[2429]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:22:54 tbr sshd[2429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:22:57 tbr sshd[2429]: Failed password for invalid user 123abc from 62.210.177.88 port 35569 ssh2
Jan 28 18:22:57 tbr sshd[2429]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:23:01 tbr CRON[2431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:23:01 tbr CRON[2431]: pam_unix(cron:session): session closed for user root
Jan 28 18:24:01 tbr CRON[2474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:24:02 tbr CRON[2474]: pam_unix(cron:session): session closed for user root
Jan 28 18:24:24 tbr sshd[2517]: Invalid user 123abc from 62.210.177.88
Jan 28 18:24:24 tbr sshd[2517]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:24:24 tbr sshd[2517]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:24:24 tbr sshd[2517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:24:25 tbr sshd[2517]: Failed password for invalid user 123abc from 62.210.177.88 port 56462 ssh2
Jan 28 18:24:25 tbr sshd[2517]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:25:01 tbr CRON[2519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:25:01 tbr CRON[2519]: pam_unix(cron:session): session closed for user root
Jan 28 18:25:54 tbr sshd[2562]: Invalid user 123abc from 62.210.177.88
Jan 28 18:25:54 tbr sshd[2562]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:25:54 tbr sshd[2562]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:25:54 tbr sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:25:56 tbr sshd[2562]: Failed password for invalid user 123abc from 62.210.177.88 port 49159 ssh2
Jan 28 18:25:56 tbr sshd[2562]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:26:01 tbr CRON[2564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:26:01 tbr CRON[2564]: pam_unix(cron:session): session closed for user root
Jan 28 18:27:01 tbr CRON[2607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:27:02 tbr CRON[2607]: pam_unix(cron:session): session closed for user root
Jan 28 18:27:23 tbr sshd[2650]: Invalid user 123abc from 62.210.177.88
Jan 28 18:27:23 tbr sshd[2650]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:27:23 tbr sshd[2650]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:27:23 tbr sshd[2650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:27:26 tbr sshd[2650]: Failed password for invalid user 123abc from 62.210.177.88 port 41818 ssh2
Jan 28 18:27:26 tbr sshd[2650]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:28:01 tbr CRON[2652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:28:01 tbr CRON[2652]: pam_unix(cron:session): session closed for user root
Jan 28 18:28:53 tbr sshd[2695]: Invalid user 123abc from 62.210.177.88
Jan 28 18:28:53 tbr sshd[2695]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:28:53 tbr sshd[2695]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:28:53 tbr sshd[2695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:28:54 tbr sshd[2695]: Failed password for invalid user 123abc from 62.210.177.88 port 34539 ssh2
Jan 28 18:28:54 tbr sshd[2695]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:29:01 tbr CRON[2697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:29:01 tbr CRON[2697]: pam_unix(cron:session): session closed for user root
Jan 28 18:30:01 tbr CRON[2742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:30:02 tbr CRON[2742]: pam_unix(cron:session): session closed for user root
Jan 28 18:30:23 tbr sshd[2785]: Invalid user 123abc from 62.210.177.88
Jan 28 18:30:23 tbr sshd[2785]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:30:23 tbr sshd[2785]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:30:23 tbr sshd[2785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:30:24 tbr sshd[2785]: Failed password for invalid user 123abc from 62.210.177.88 port 55449 ssh2
Jan 28 18:30:24 tbr sshd[2785]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:31:01 tbr CRON[2787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:31:01 tbr CRON[2787]: pam_unix(cron:session): session closed for user root
Jan 28 18:31:54 tbr sshd[2830]: Invalid user 123abc from 62.210.177.88
Jan 28 18:31:54 tbr sshd[2830]: input_userauth_request: invalid user 123abc [preauth]
Jan 28 18:31:54 tbr sshd[2830]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:31:54 tbr sshd[2830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:31:55 tbr sshd[2830]: Failed password for invalid user 123abc from 62.210.177.88 port 48147 ssh2
Jan 28 18:31:55 tbr sshd[2830]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:32:01 tbr CRON[2832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:32:02 tbr CRON[2832]: pam_unix(cron:session): session closed for user root
Jan 28 18:33:01 tbr CRON[2875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:33:01 tbr CRON[2875]: pam_unix(cron:session): session closed for user root
Jan 28 18:33:23 tbr sshd[2918]: Invalid user Admin from 62.210.177.88
Jan 28 18:33:23 tbr sshd[2918]: input_userauth_request: invalid user Admin [preauth]
Jan 28 18:33:23 tbr sshd[2918]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:33:23 tbr sshd[2918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:33:26 tbr sshd[2918]: Failed password for invalid user Admin from 62.210.177.88 port 40809 ssh2
Jan 28 18:33:26 tbr sshd[2918]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:34:01 tbr CRON[2920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:34:01 tbr CRON[2920]: pam_unix(cron:session): session closed for user root
Jan 28 18:34:53 tbr sshd[2963]: Invalid user Admin from 62.210.177.88
Jan 28 18:34:53 tbr sshd[2963]: input_userauth_request: invalid user Admin [preauth]
Jan 28 18:34:53 tbr sshd[2963]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:34:53 tbr sshd[2963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:34:55 tbr sshd[2963]: Failed password for invalid user Admin from 62.210.177.88 port 33501 ssh2
Jan 28 18:34:55 tbr sshd[2963]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:35:01 tbr CRON[2965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:35:02 tbr CRON[2965]: pam_unix(cron:session): session closed for user root
Jan 28 18:36:01 tbr CRON[3008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:36:01 tbr CRON[3008]: pam_unix(cron:session): session closed for user root
Jan 28 18:36:23 tbr sshd[3051]: Invalid user Admin from 62.210.177.88
Jan 28 18:36:23 tbr sshd[3051]: input_userauth_request: invalid user Admin [preauth]
Jan 28 18:36:23 tbr sshd[3051]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:36:23 tbr sshd[3051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:36:24 tbr sshd[3051]: Failed password for invalid user Admin from 62.210.177.88 port 54394 ssh2
Jan 28 18:36:24 tbr sshd[3051]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:37:01 tbr CRON[3053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:37:01 tbr CRON[3053]: pam_unix(cron:session): session closed for user root
Jan 28 18:37:53 tbr sshd[3096]: Invalid user Admin from 62.210.177.88
Jan 28 18:37:53 tbr sshd[3096]: input_userauth_request: invalid user Admin [preauth]
Jan 28 18:37:53 tbr sshd[3096]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:37:53 tbr sshd[3096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:37:54 tbr sshd[3096]: Failed password for invalid user Admin from 62.210.177.88 port 47085 ssh2
Jan 28 18:37:54 tbr sshd[3096]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:38:01 tbr CRON[3098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:38:02 tbr CRON[3098]: pam_unix(cron:session): session closed for user root
Jan 28 18:39:01 tbr CRON[3141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:39:01 tbr CRON[3141]: pam_unix(cron:session): session closed for user root
Jan 28 18:39:22 tbr sshd[3184]: Invalid user Admin from 62.210.177.88
Jan 28 18:39:22 tbr sshd[3184]: input_userauth_request: invalid user Admin [preauth]
Jan 28 18:39:22 tbr sshd[3184]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:39:22 tbr sshd[3184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:39:25 tbr sshd[3184]: Failed password for invalid user Admin from 62.210.177.88 port 39790 ssh2
Jan 28 18:39:25 tbr sshd[3184]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:40:01 tbr CRON[3186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:40:01 tbr CRON[3186]: pam_unix(cron:session): session closed for user root
Jan 28 18:40:52 tbr sshd[3229]: Invalid user Admin from 62.210.177.88
Jan 28 18:40:52 tbr sshd[3229]: input_userauth_request: invalid user Admin [preauth]
Jan 28 18:40:52 tbr sshd[3229]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:40:52 tbr sshd[3229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:40:54 tbr sshd[3229]: Failed password for invalid user Admin from 62.210.177.88 port 60736 ssh2
Jan 28 18:40:55 tbr sshd[3229]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:41:01 tbr CRON[3231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:41:02 tbr CRON[3231]: pam_unix(cron:session): session closed for user root
Jan 28 18:42:01 tbr CRON[3274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:42:01 tbr CRON[3274]: pam_unix(cron:session): session closed for user root
Jan 28 18:42:22 tbr sshd[3319]: Invalid user aaron from 62.210.177.88
Jan 28 18:42:22 tbr sshd[3319]: input_userauth_request: invalid user aaron [preauth]
Jan 28 18:42:22 tbr sshd[3319]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:42:22 tbr sshd[3319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:42:24 tbr sshd[3319]: Failed password for invalid user aaron from 62.210.177.88 port 53403 ssh2
Jan 28 18:42:24 tbr sshd[3319]: Received disconnect from 62.210.177.88: 11: Bye Bye [preauth]
Jan 28 18:43:01 tbr CRON[3321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 18:43:02 tbr CRON[3321]: pam_unix(cron:session): session closed for user root
Jan 28 18:43:51 tbr sshd[3364]: Invalid user aaron from 62.210.177.88
Jan 28 18:43:51 tbr sshd[3364]: input_userauth_request: invalid user aaron [preauth]
Jan 28 18:43:51 tbr sshd[3364]: pam_unix(sshd:auth): check pass; user unknown
Jan 28 18:43:51 tbr sshd[3364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-177-88.rev.poneytelecom.eu
Jan 28 18:43:53 tbr sshd[3364]: Failed password for invalid user aaron from 62.210.177.88 port 46108 ssh2
Ce que je comprends c'est que sous Debian "pam_unix" se connecte et se déconnecte en root une fois par minute via une planification CRON. Un post m'a appris que c'était du "real time monitoring" qui teste l'intégrité de mon système (
https://www.ovh.com/fr/serveurs_dedies/rtm.xml).
Le 28 janvier à 18:15:27 un utilisateur non valide ("123abc") tente de se connecter 12 fois, mais il est déconnecté. Le port ssh2 change à chaque tentative.
1 - Faut-il déduire que 12 mots de passe ont été testés sur des ports différents ? Ensuite, ce sera "abc", 5 fois avec l'utilisateur "Admin", puis 2 fois "aaron", ensuite "ab" et "abby", etc..
2 - Pourquoi le nombre de tentatives varie-t-il selon les "users" ? et pourquoi l'ordre alphabètique n'est-il pas respecté ? Est-ce que cela suppose une intervention humaine et non plus programmée ?
La tentative d'intrusion va continuer pendant 3 jours jusqu'à la lettre F avec des mots de passe plutôt pauvres, issus semble-t-il d'un dictionnaire de mots de passe de type anglo-saxon. Le processus de la tentative me paraît plutôt lent.
3 - Un nmap révèle facilement sur quel port se trouve mon ssh. Pourquoi le programme pirate teste-t-il des ports différents ?
4 - Mon fail2ban est-il mal configuré ? N'aurait-il pas dû bloquer l'attaquant pendant une heure après 6 tentatives ?
Mon jail.local :
[ssh]
95 enabled = true
96 port = xxxx
97 filter = sshd
98 logpath = /var/log/auth.log
99 maxretry = 6
100 findtime = 3600
Je n'ai pas de serveur apache, simplement une seedbox. Je suis forcé de me connecter avec un mot de passe et non avec une clé car mon user ne peut pas être à 755 pour que tout fonctionne.