As a system administrator, it’s hard for me to imagine a quiet life without Fail2ban.
This service tracks logs of many services, such as a web server, mail server, openssh-server and so on. In case of suspicious activity (as a rule, many unsuccessful authorizations), it automatically blocks (using iptables rules) for some time the ip-address from which these authorizations were. Setting up Fail2ban is a separate topic.
In this article, let’s talk about how to unlock yourself or another user who accidentally entered an incorrect password and was blocked by Fail2ban.
1. You need to log in to ssh under another ip-address to the server as root (or under another user, with sudo rights or then execute the “su -” procedure to get root-rights).
2. To see which IP addresses are blocked, type the following command:
iptables -L -n
If the output of the command is very long, then you can do so:
iptables -L -n | less
3. Next, find the chain fail2ban-ssh (we are talking about locking on ssh, if another service, find the corresponding chain), where our IP should be:
Chain fail2ban-ssh(1 references)
target prot opt source destination
RETURN all - 0.0.0.0/0 0.0.0.0/0
4. To remove the IP address from the Fail2ban lock, you need to run the following command (aa.bb.cc.dd – the IP you want to unlock):
iptables -D fail2ban-ssh -s aa.bb.cc.dd -j DROP
After that, the user will be able to reconnect to the server via ssh.