Fail2ban not working with ssh log using tunnels

What is the name of the domain?

irrelevant

What is the error number?

there is none

What is the error message?

fail2ban doesn’t react to multiple incorrect ssh attempts

What is the issue you’re encountering?

I have been experimenting with trying to add fail2ban for my ssh connections over cloudflare tunnels. I set up a custom jail using cloudflare action with the right API token. However, fail2ban doesn’t react. My amateur guess is that fail2ban doesn’t see the right IP address inside /var/log/auth.log. Apparently all IPs are “::1” and I am not sure if there is a way to show the actual visitor one. I read you can use nginx to proxy the request with the right headers but that seemed only for http/https. Any help would be appreciated.

The origin server is going to see the connection coming from the IP address of the server running the tunnel. In this case that is the same machine, hence the loopback address in the logs.
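A quick way to confirm this from the log itself, as an added example that is not part of the original thread: the script below tallies failed sshd password attempts by source address and reports how many come from a non-loopback address a ban could target. The sample log lines are constructed in the usual OpenSSH `auth.log` format, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not taken from the thread): every sshd connection
# arrives via the local tunnel daemon, so the source is always loopback.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 host sshd[2101]: Failed password for invalid user admin from ::1 port 51234 ssh2
Mar  3 10:15:04 host sshd[2101]: Failed password for invalid user admin from ::1 port 51234 ssh2
Mar  3 10:15:09 host sshd[2117]: Failed password for root from ::1 port 51240 ssh2
Mar  3 10:16:30 host sshd[2130]: Accepted publickey for alice from ::1 port 51302 ssh2
Mar  3 10:17:02 host sshd[2144]: Failed password for root from 127.0.0.1 port 40022 ssh2
"""

# Matches the standard OpenSSH "Failed password" message and captures the source.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def failed_sources(log_text):
    """Count failed password attempts per parsed source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group("src"))] += 1
        except ValueError:
            continue  # source field was not an IP literal; skip it
    return counts

def summarize(log_text):
    """Report how many failures carry an address that identifies a remote client."""
    counts = failed_sources(log_text)
    total = sum(counts.values())
    loopback = sum(n for ip, n in counts.items() if ip.is_loopback)
    return {
        "total_failures": total,
        "from_loopback": loopback,
        "distinct_sources": len(counts),
        "attributable_to_client": total - loopback,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_AUTH_LOG))
```

When `attributable_to_client` is 0, the log contains no visitor address for a jail to match on, which is the situation described in this thread.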

Okay, thank you for the explanation. Is there any way for the ssh logs to get the attempts of actual IPs then? Or in general, making the fail2ban function on ssh connections?