From 3b0142cedcde39e4c2097ecd916a870a3ced5ec6 Mon Sep 17 00:00:00 2001 From: Vito Graffagnino Date: Tue, 8 Sep 2020 18:10:49 +0100 Subject: Added the relevent parts of the .config directory. Alss add ssh config --- vimwiki/Blocked IP Addresses.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 vimwiki/Blocked IP Addresses.md (limited to 'vimwiki/Blocked IP Addresses.md') diff --git a/vimwiki/Blocked IP Addresses.md b/vimwiki/Blocked IP Addresses.md new file mode 100644 index 0000000..6705f49 --- /dev/null +++ b/vimwiki/Blocked IP Addresses.md @@ -0,0 +1,19 @@ +An application called `fail2ban` blocks IP addresses with repeated failed login attempts. +If a user is locked out of ssh connections, this is usually why. + +If you suspect this has happened to someone, you need to know which cluster address they are trying to +log in to and ideally what IP address they are coming in from. Each machine that runs an ssh server +has its own fail2ban list. + +As root on the machine that the user is trying to log in to, do + +`fail2ban-client set sshd unbanip IPADDRESS` + +Note that normal users log in to both headnode1 and headnode2, so the problem may show up on one or +both of these machines. It can’t hurt to unban an IP that is not banned, so you can just do e.g. + +`sudo pdsh –w ‘headnode[1-2]’ fail2ban-client set sshd unbanip IPADDRESS` + +which will unban the IP on both head nodes2. If you have a problem working out the IP that’s banned, +try looking at `/var/log/secure.log` on the login machine. + -- cgit v1.2.3