author | James Moger <james.moger@gmail.com> | 2015-08-10 15:39:19 -0400 |
---|---|---|
committer | James Moger <james.moger@gmail.com> | 2015-08-10 15:39:19 -0400 |
commit | 51aa4f20fcf39a225e91aaa5da350d1f9fda6424 (patch) | |
tree | 3d700478e2fe503a6dd88af19b2866430ffe85e4 | |
parent | 25e1a620b028ddeb5c4670d1109efdf466f8baa6 (diff) | |
parent | b7fccafeebc639746d2bd82042d28f4ef0f24648 (diff) | |
download | gitblit-51aa4f20fcf39a225e91aaa5da350d1f9fda6424.tar.gz gitblit-51aa4f20fcf39a225e91aaa5da350d1f9fda6424.zip |
Merge pull request #296 from Enrico204/develop
Added better logging for fail2ban
-rw-r--r-- | build.xml | 1 | ||||
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java | 2 | ||||
-rw-r--r-- | src/site/setup_fail2ban.mkd | 20 |
3 files changed, 22 insertions, 1 deletions
@@ -513,6 +513,7 @@ <page name="bugtraq" src="setup_bugtraq.mkd" />
<page name="mirrors" src="setup_mirrors.mkd" />
<page name="scaling" src="setup_scaling.mkd" />
+ <page name="fail2ban" src="setup_fail2ban.mkd" />
<divider />
<page name="Gitblit as a viewer" src="setup_viewer.mkd" />
</menu>
diff --git a/src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java
index c4e69dcd..d7c4fe5e 100644
--- a/src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java
@@ -57,7 +57,7 @@ public class UsernamePasswordAuthenticator implements PasswordAuthenticator {
 return true;
 }
- log.warn("could not authenticate {} for SSH using the supplied password", username);
+ log.warn("could not authenticate {} ({}) for SSH using the supplied password", username, client.getRemoteAddress());
 return false;
 }
 }
diff --git a/src/site/setup_fail2ban.mkd b/src/site/setup_fail2ban.mkd
new file mode 100644
index 00000000..928f7a84
--- /dev/null
+++ b/src/site/setup_fail2ban.mkd
@@ -0,0 +1,20 @@
+## Configure fail2ban for Gitblit-SSH
+
+This procedure is based on a Debian installation of [fail2ban](http://www.fail2ban.org/), but it should works in any installation.
+
+First, create a new filter file `gitblit.conf` in filter directory (Debian: `/etc/fail2ban/filter.d/`) or into `filter.conf` file. Here an example:
+
+ [Definition]
+ failregex = could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$
+ ignoreregex =
+
+Then edit `jail.conf` to add "gitblit" service (Debian: `/etc/fail2ban/jail.conf`). For example:
+
+ [gitblit]
+ enabled = true
+ port = 22
+ protocol = tcp
+ filter = gitblit
+ logpath = /var/log/gitblit.log
+
+Restart fail2ban to apply (Debian: `/etc/init.d/fail2ban restart`). |
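Review bot: The `username` passed to the new `log.warn` is client-supplied and is written unescaped ahead of the address, while the filter added in `setup_fail2ban.mkd` puts an unanchored `.*?` before `<HOST>` and turns this log line into a ban decision. If the logging backend does not escape line breaks (its configuration is not visible here), a crafted username could leave the log holding a line that names an address other than the connecting one. Strip control characters before logging, e.g. `String safeUser = username.replaceAll("\\p{Cntrl}", "_");` and pass `safeUser` to `log.warn`, and consider anchoring the failregex at the start of the message. The message also depends on the `toString()` format of `client.getRemoteAddress()`, whose type is declared outside this hunk, as is the start of the enclosing method.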