summaryrefslogtreecommitdiff
path: root/vimwiki/Blocked IP Addresses.md
diff options
context:
space:
mode:
Diffstat (limited to 'vimwiki/Blocked IP Addresses.md')
-rw-r--r--vimwiki/Blocked IP Addresses.md19
1 files changed, 19 insertions, 0 deletions
diff --git a/vimwiki/Blocked IP Addresses.md b/vimwiki/Blocked IP Addresses.md
new file mode 100644
index 0000000..6705f49
--- /dev/null
+++ b/vimwiki/Blocked IP Addresses.md
@@ -0,0 +1,19 @@
+An application called `fail2ban` blocks IP addresses with repeated failed login attempts.
+If a user is locked out of ssh connections, this is usually why.
+
+If you suspect this has happened to someone, you need to know which cluster address they are trying to
+log in to and ideally what IP address they are coming in from. Each machine that runs an ssh server
+has its own fail2ban list.
+
+As root on the machine that the user is trying to log in to, do
+
+`fail2ban-client set sshd unbanip IPADDRESS`
+
+Note that normal users log in to both headnode1 and headnode2, so the problem may show up on one or
+both of these machines. It can’t hurt to unban an IP that is not banned, so you can just do e.g.
+
+`sudo pdsh –w ‘headnode[1-2]’ fail2ban-client set sshd unbanip IPADDRESS`
+
+which will unban the IP on both head nodes2. If you have a problem working out the IP that’s banned,
+try looking at `/var/log/secure.log` on the login machine.
+
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-11 06:49:07 +0000