I just noticed that fail2ban was reporting that there had been no failed attempts to connect to my SSH server for a few days, which can't be right because they are almost constantly happening.
This seems to be because of a change in OpenSSH 9.8:
* sshd(8): the server has been split into a listener binary, sshd(8),
and a per-session binary "sshd-session". This allows for a much
smaller listener binary, as it no longer needs to support the SSH
protocol. As part of this work, support for disabling privilege
separation (which previously required code changes to disable) and
disabling re-execution of sshd(8) has been removed. Further
separation of sshd-session into additional, minimal binaries is
planned for the future.
* sshd(8): several log messages have changed. In particular, some
log messages will be tagged with as originating from a process
named "sshd-session" rather than "sshd".
It looks like this has already been fixed for the next release of fail2ban in this commit.
But until then a quick fix is to modify filter.d/sshd.conf and change the [DEFAULT] section so that
    _daemon = sshd
becomes
    _daemon = sshd(?:-session)?
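The effect of that one-line change can be checked with a short Python script. This is an added example, not code from fail2ban or from the original post: the prefix and failure pattern are simplified stand-ins for the real filter (only the process-tag part that _daemon controls is modelled), and the log lines are constructed.

```python
import re

# Constructed sample lines (not real logs): the first uses the pre-9.8 tag,
# the next two use the "sshd-session" tag introduced in OpenSSH 9.8.
SAMPLE_LOG = [
    "Jul 10 12:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40022 ssh2",
    "Jul 10 12:00:07 host sshd-session[1310]: Failed password for root from 198.51.100.7 port 51514 ssh2",
    "Jul 10 12:00:09 host sshd-session[1311]: Failed password for invalid user admin from 198.51.100.9 port 51600 ssh2",
    "Jul 10 12:00:11 host cron[1400]: (root) CMD (run-parts /etc/cron.hourly)",
]

OLD_DAEMON = r"sshd"                # value shipped in filter.d/sshd.conf
NEW_DAEMON = r"sshd(?:-session)?"   # quick fix from the post


def build_failregex(daemon):
    """Simplified stand-in for fail2ban's log prefix plus one sshd failregex.

    Assumption: the real filter builds a longer prefix from common.conf;
    only the process tag that _daemon controls is modelled here.
    """
    return re.compile(
        r"\s(?:%s)(?:\[\d+\])?:\s+"
        r"Failed password for (?:invalid user )?\S+ "
        r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+" % daemon
    )


def failed_hosts(daemon, lines):
    """Return source IPs of failed logins whose syslog tag matches _daemon."""
    rx = build_failregex(daemon)
    return [m.group("host") for m in map(rx.search, lines) if m]


if __name__ == "__main__":
    for name, daemon in (("old", OLD_DAEMON), ("new", NEW_DAEMON)):
        print(f"_daemon = {daemon!r:24} ({name}) ->", failed_hosts(daemon, SAMPLE_LOG))
```

With the old value only the line tagged "sshd" is counted, which is why the failure count drops to zero once every session logs as "sshd-session".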
There also seems to be another new issue which results in the warning "fail2ban.ipdns WARNING Unable to find a corresponding IP address for connection: [Errno -2] Name or service not known".
This is because of new sshd log messages which look like "Timeout before authentication for connection from 12.34.56.78 to 218.92.0.51, pid = 17466".
There didn't seem to be any equivalent log messages in OpenSSH before 9.8 though, so it's not really breaking anything - just producing a warning message in the fail2ban logs.