Fail2ban for mqtts + is fail2ban useful for servers that use only ssh keys to log in?

Hello Guys,

I have two questions

  1. I am trying to set up fail2ban for mqtts (port 8883). On my server port 8883 is open to the world. Only those who have credentials for mosquitto can connect and send data to my server. Now I have set up fail2ban for mqtts, but I don't know how I can test whether it is working or not!
    I have another client; I wanted to send data via this client to my server with wrong credentials and see if my server can block the IP of this client. But the problem is that until I provide the correct credentials to my mqtts node (client side) it won't even attempt to connect to the server. Could you please tell me how I can test this.

  2. Is fail2ban useful for servers that only permit SSH key authentication??? I have verified that fail2ban works fine for password-based authentication, but my server has SSH key-based authentication. Does it make sense to install the fail2ban package if I am using SSH keys already?

Hi,
I don't think you will get many replies here because this is the Node-RED forum and probably there are not many fail2ban users here.
You would be better off asking on a fail2ban forum or googling for the solution.

  1. Not really clear what you are asking there. You need someone on a different IP address to attempt multiple unsuccessful logins within the time period defined in fail2ban.

  2. Yes, it is useful - if you configure it. All it does is look for patterns in logfiles and if it finds one, adds the source address to the firewall to prevent access. Usually prevention is for a period of time. So any error you can find in a log file - in theory at least - could be used in fail2ban.

Of course, fail2ban is only 1 part of a defence in depth strategy that you should be using to defend your servers. Think about 2FA, whitelisting IP addresses, geobanning, changing incoming IP port numbers from their defaults, timelocks, etc.

Yes, it is useful (almost mandatory) if you are planning on opening up mqtts to the whole internet.

Once you have it set up and configured (for, say, 3 failed attempts) (and you will need to make sure your broker for mqtts either outputs to a logfile that fail2ban is monitoring, or change the config of fail2ban to look at the mosquitto logs)

Then from a remote location try and force an mqtts connection from your clients with incorrect credentials - you can use a number of free tools to do this, or command-line tools, depending on what you are comfortable with.

Craig

[DEFAULT]
bantime = 600
findtime = 600
banaction = ufw
maxretry = 3

[mosquitto]
enabled = true
port = 8883
logpath = /var/log/auth.log

Still not successful! Where am I making the mistake? Please @craigcurtin @TotallyInformation

Do Mosquitto login errors actually appear in that log?

What is fail2ban checking? Is it checking for the right text pattern?

Have you tried asking on a fail2ban forum, or an MQTT forum or on StackOverflow?
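The two questions above (does the failure appear in the log, and is the pattern extracting the right thing) are the whole job fail2ban does, as the earlier reply explains: match a pattern, pull out the source address, count hits per address inside findtime, and ban for bantime once maxretry is reached. The script below is an added illustration of that counting logic and is not part of this thread or of fail2ban itself. The log lines are constructed, modelled on Mosquitto 2.x wording ("New connection from ..." followed by "Client <unknown> disconnected, not authorised."); the exact strings, the assumption that the "not authorised" line belongs to the most recent "New connection" line, and the values maxretry=3, findtime=600 and bantime=600 taken from the jail above are all assumptions you should check against your own broker log.

```python
import re
from collections import defaultdict, deque

# Constructed sample log, modelled on Mosquitto 2.x log lines (assumption:
# verify the wording against your own broker log). Note that the failure line
# carries no IP address; only the preceding "New connection from" line does.
SAMPLE_LOG = """\
1700000000: New connection from 203.0.113.7:51000 on port 8883.
1700000001: Client <unknown> disconnected, not authorised.
1700000002: New connection from 203.0.113.7:51001 on port 8883.
1700000003: Client <unknown> disconnected, not authorised.
1700000010: New connection from 198.51.100.2:40000 on port 8883.
1700000011: New client connected from 198.51.100.2:40000 as sensor-1 (p2, c1, k60, u'sensor').
1700000020: New connection from 203.0.113.7:51002 on port 8883.
1700000021: Client <unknown> disconnected, not authorised.
1700000900: New connection from 203.0.113.7:51003 on port 8883.
1700000901: Client <unknown> disconnected, not authorised.
"""

# The "New connection" line is the only one that yields a host to ban.
NEW_CONN = re.compile(r"^(?P<ts>\d+): New connection from (?P<ip>[\d.]+):\d+ on port \d+\.$")
# The authentication failure line itself has no host in it.
AUTH_FAIL = re.compile(r"^(?P<ts>\d+): Client \S+ disconnected, not authorised\.$")


def scan(log_text, maxretry=3, findtime=600, bantime=600):
    """Replay the log with fail2ban-style counters.

    Returns (bans, failures): bans is a list of (ip, banned_at, banned_until)
    events; failures maps ip -> number of authentication failures attributed to it.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside findtime
    banned_until = {}             # ip -> expiry of its current ban
    bans = []
    failures = defaultdict(int)
    last_ip = None                # heuristic: a failure belongs to the latest "New connection"

    for line in log_text.splitlines():
        m = NEW_CONN.match(line)
        if m:
            last_ip = m.group("ip")
            continue
        m = AUTH_FAIL.match(line)
        if not m or last_ip is None:
            continue                      # not a failure, or nothing to attribute it to
        ts, ip = int(m.group("ts")), last_ip
        failures[ip] += 1
        window = recent[ip]
        window.append(ts)
        while window and window[0] < ts - findtime:
            window.popleft()              # forget failures older than findtime
        if len(window) >= maxretry and banned_until.get(ip, 0) < ts:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()                # start a fresh count after issuing a ban
    return bans, dict(failures)


def is_banned(bans, ip, now):
    """True if `ip` falls inside any ban interval at time `now`."""
    return any(b_ip == ip and start <= now < end for b_ip, start, end in bans)


if __name__ == "__main__":
    bans, failures = scan(SAMPLE_LOG)
    print("failures per IP:", failures)
    for ip, start, end in bans:
        print(f"ban {ip} from {start} until {end}")
```

Running it shows 203.0.113.7 banned after its third failure inside the 600 s window, while the fourth failure at 1700000901 arrives after the ban has expired and the window has emptied, so it starts a new count rather than re-banning. Two things carry over directly to the jail posted above: the log being read must be the broker's own log (logpath = /var/log/auth.log will never contain Mosquitto lines; Mosquitto writes wherever its log_dest points, commonly a file such as /var/log/mosquitto/mosquitto.log, which is an assumption to confirm on your system), and a fail2ban filter's failregex must yield a <HOST> on the matched line, which a plain single-line regex on the "not authorised" line cannot do because the address sits on the preceding line.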

