blob: 6705f49c5f4d05391a5d2eded77545aafe5a4774 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
An application called `fail2ban` blocks IP addresses with repeated failed login attempts.
If a user is locked out of ssh connections, this is usually why.
If you suspect this has happened to someone, you need to know which cluster address they are trying to
log in to and ideally what IP address they are coming in from. Each machine that runs an ssh server
has its own fail2ban list.
As root on the machine that the user is trying to log in to, do
`fail2ban-client set sshd unbanip IPADDRESS`
Note that normal users log in to both headnode1 and headnode2, so the problem may show up on one or
both of these machines. It can’t hurt to unban an IP that is not banned, so you can just do e.g.
`sudo pdsh –w ‘headnode[1-2]’ fail2ban-client set sshd unbanip IPADDRESS`
which will unban the IP on both head nodes2. If you have a problem working out the IP that’s banned,
try looking at `/var/log/secure.log` on the login machine.
|
