# Fail2Ban filter for openssh for Alpine
#
# If you want to protect OpenSSH from being bruteforced by password
# authentication then get public key authentication working before disabling
# PasswordAuthentication in sshd_config.
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = sshd

failregex = Failed [-/\w]+ for .* from <HOST> port \d* ssh2
            sshd\[.*\]: Invalid user .* from <HOST> port \d*
            sshd\[.*\]: Received disconnect from <HOST> port \d*:[0-9]+:  \[preauth\]

ignoreregex = 

[Init]

# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 10