Other Fail2ban 1.1.0 and new OpenSSH_9.9p2 in FreeBSD 14.3-RELEASE

So, SSHD couldn't leave well enough alone, so now we have a new "sshd-session" line in AUTH instead of just "sshd". So Fail2ban doesn't see it at all. So of course your daily security reports are full of failed logins again.

Good news: you can fix it. Grab this file from GitHub: https://raw.githubusercontent.com/fail2ban/fail2ban/refs/heads/master/config/filter.d/sshd.conf

Stick that in the /usr/local/etc/fail2ban/filter.d folder and go on with your day.

Not using Fail2ban? Okay, ignore this.

(please don't take just my word for all this, your server is your responsibility) (but this does fix this silly issue)
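
Why a filter keyed on the `sshd` process tag goes blind to `sshd-session` lines, as an added example that is not part of the original post and not fail2ban's own code. The regexes are simplified stand-ins for a filter's daemon prefix and failure pattern, the log lines are constructed, and the helper names are hypothetical.

```python
import re
from collections import Counter

# Constructed auth.log lines (documentation IP ranges), not from a real host.
SAMPLE_LOG = """\
Jun 12 03:14:07 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 12 03:15:09 host sshd-session[2345]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jun 12 03:15:11 host sshd-session[2345]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jun 12 03:16:30 host sshd-session[2399]: Invalid user test from 192.0.2.9 port 1234
Jun 12 03:17:00 host sshd-session[2400]: Accepted publickey for alice from 192.0.2.50 port 5555 ssh2
Jun 12 03:18:00 host cron[999]: (root) CMD (echo sshd-session[1]: Failed password for x from 192.0.2.66 port 1 ssh2)
""".splitlines()

OLD_DAEMON = r"sshd"                 # matches only the classic process tag
NEW_DAEMON = r"sshd(?:-session)?"    # also accepts the sshd-session tag

# Simplified failure pattern (assumption): two common failed-login messages.
FAILURE = (r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+)"
           r" from (?P<host>\S+) port \d+")

def build_filter(daemon):
    # Anchor on timestamp, hostname and process tag so that sshd-looking
    # text inside another daemon's message (the cron line) never counts.
    return re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ "
                      + daemon + r"\[\d+\]: " + FAILURE)

def count_failures(lines, daemon):
    """Return {source_ip: failed_login_count} as seen through one filter."""
    flt = build_filter(daemon)
    hits = (flt.match(line) for line in lines)
    return dict(Counter(m.group("host") for m in hits if m))

def missed_lines(lines):
    """Lines the sshd-session-aware filter catches but the old one does not."""
    old, new = build_filter(OLD_DAEMON), build_filter(NEW_DAEMON)
    return [l for l in lines if new.match(l) and not old.match(l)]

def hosts_over(counts, maxretry):
    """Sources that reach the ban threshold (maxretry chosen by the caller)."""
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for name, daemon in (("old", OLD_DAEMON), ("new", NEW_DAEMON)):
        counts = count_failures(SAMPLE_LOG, daemon)
        print(name, counts, "ban:", hosts_over(counts, 2))
    print("missed by old filter:", len(missed_lines(SAMPLE_LOG)))
```

On a real host, running `fail2ban-regex` against the auth log and the installed `sshd.conf` shows the same thing with the actual filter: the matched-line count before and after replacing the file.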
 
...or just use blacklistd(8) which is a native solution, doesn't require python and doesn't rely on wonky regexps that might fail, but instead directly acts upon notifications by the services (e.g. sshd) and hooks directly into the packet filter.
It even works seamlessly for services in jails (see -P option) and you can add/modify helpers to account for special scenarios (e.g. feeding blocked IPs into BGP to synchronize blocklists across firewalls/packet filters). I've been using it for a few years now and never looked back to fail2ban or any other 'logfile-crawler'.
 