Built-in automatic blocklist

Question

Built-in automatic blocklist

vholer opened this issue a year ago · 3 comments

It would be nice if it's possible to configure sshpiper to apply some IP-based restrictions on clients after a number of failed attempts. Similar functionality is usually provided by tools like fail2ban / denyhosts, but in Kubernetes envs. it's not that easy to use these.

Possible options:

max. number of failed attempts,
timeframe,
ban time,
always allowed / blocked ranges

Successful login resets the counter. Persistence of state across restarts is not IMHO importatnt.

Answer 1 · 2023-05-31T16:50:11.000Z

maybe bake fail2ban into image?

Answer 2 · 2023-06-01T02:23:30.000Z

Related draft to discuss #158.

Answer 3 · 2023-07-11T08:32:43.000Z

https://github.com/tg123/sshpiper/tree/master/plugin/failtoban