Self checkmate

Posted on 2018-12-23 Updated on 2019-10-03

A simple story showing how to miss a tiny point about securing with fail2ban.

I had to copy some data to my server. Brand new laptop, so I tried with the password. Normal account, scp to /tmp/ - what could go wrong? I missed small and big letters, or something like that, and did that more than once... No problem, I checked the password with my pass storage and tried again. Server is dead. Or better to say - ssh is dead. Web works, ssh does not. Sooo - let's try with my main/root account - dead, as for the other account.

At that moment - IPS was guilty - they did something to my communication! nc shows nothing... and... after some time... it started working. Guess what? I was so happy that I mistyped the password again. And it happened again. I mean, ssh was down again.

This time I had some idea what was causing the problem, so I spent some time doing something else. I tried sending email, but that service was also down... Anyway, after some time I opened a connection to the root account, so as not to lose the connection with the server. And tried again. This time everything worked well.

What caused the issue? I have fail2ban installed, and the policy was quite strict... It blocks an IP when 2 consecutive failures happen. Self checkmate.
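
An added example, not part of the original post: a check that reads a fail2ban jail configuration and lists the enabled jails that would ban your own address under a policy like the one described above. The jail contents, the addresses (documentation ranges), the `min_retry` threshold and the fallback `maxretry` of 5 are assumptions made for the illustration.

```python
import configparser
import ipaddress

# Constructed jail.local: every jail inherits "ban after 2 failures" from [DEFAULT].
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
maxretry = 2
ignoreip = 127.0.0.1/8

[sshd]
enabled = true

[postfix]
enabled = true
ignoreip = 127.0.0.1/8 203.0.113.0/24
"""


def is_ignored(addr, ignoreip):
    """True if addr falls inside any IP or CIDR entry of an ignoreip value."""
    ip = ipaddress.ip_address(addr)
    for entry in ignoreip.replace(",", " ").split():
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # ignoreip may also hold DNS names; they are not resolved here
    return False


def lockout_risks(config_text, admin_ip, min_retry=3):
    """Names of enabled jails that ban admin_ip after fewer than min_retry failures."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %(...)s values literal
    cp.read_string(config_text)
    risky = []
    for jail in cp.sections():  # [DEFAULT] is inherited by each jail, not listed
        sec = cp[jail]
        if not sec.getboolean("enabled", fallback=False):
            continue
        maxretry = sec.getint("maxretry", fallback=5)  # assumed default when unset
        if maxretry < min_retry and not is_ignored(admin_ip, sec.get("ignoreip", "")):
            risky.append(jail)
    return risky


if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.9", "127.0.0.1"):
        print(ip, "->", lockout_risks(SAMPLE_JAIL_LOCAL, ip) or "no lockout risk")
```

Running it against the real configuration before logging in from a new machine shows whether one or two typos are enough to get banned; keeping an already open session, as the post ends up doing, is the fallback.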