[GH-ISSUE #78] feat: auto-whitelist SSH IP in Fail2Ban and deduplicate entries #3

Closed
opened 2026-03-02 02:59:16 +03:00 by kerem · 0 comments

Originally created by @Kuuchuu on GitHub (Nov 19, 2025).
Original GitHub issue: https://github.com/buildplan/du_setup/issues/78

When setting up Fail2Ban, users connecting via SSH risk accidentally locking themselves out if their IP is not on the ignoreip list. Automating the addition of the user's SSH IP to the ignoreip list can help eliminate this possibility while also reducing potential lockout due to a misconfiguration/typo.
Additionally, if IPs are added manually, the ignoreip list can accumulate duplicate entries, making the configuration cluttered and potentially harder to manage.

I propose two enhancements to the Fail2Ban setup process:

  1. Automatic SSH IP Whitelisting:
    • The script should detect the IP address of the current SSH session (from the $SSH_CONNECTION variable).
    • It should then prompt the user, asking if they want to add this detected IP to the Fail2Ban ignoreip list. This provides a convenient way to prevent accidental lockouts.
  2. ignoreip List Deduplication:
    • Before writing the jail.local configuration, the script should process the array of IPs to be ignored and remove any duplicate entries. This ensures the final ignoreip list is always clean.
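
The two requested behaviours as an added example in POSIX shell; this is not code from the issue or from du_setup, and the function names (`is_ip`, `ssh_client_ip`, `dedupe_ignoreip`, `ignoreip_line`) are hypothetical. It assumes `ignoreip` entries are separated by spaces or commas, and it deduplicates by exact string match, so `10.0.0.1` and `10.0.0.1/32` count as different entries.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not du_setup's own.

# Succeed if $1 looks like an IPv4 address (strict) or IPv6 address (loose).
is_ip() (
    case $1 in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;   # empty or unexpected characters
        *:*:*) return 0 ;;                 # loose IPv6 shape check only
    esac
    IFS=.; set -f; set -- $1               # split dotted quad into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
)

# Print the client address of this SSH session. SSH_CONNECTION holds
# "client_ip client_port server_ip server_port"; fail if unset or malformed.
ssh_client_ip() (
    ip=${SSH_CONNECTION-}; ip=${ip%% *}
    is_ip "$ip" && printf '%s\n' "$ip"
)

# Print the given ignoreip entries with repeats dropped, first-seen order
# kept. Exact string match only: no canonicalisation of addresses or CIDRs.
dedupe_ignoreip() (
    set -f; out=                           # -f: never glob-expand an entry
    for tok in $(printf '%s ' "$@" | tr ',' ' '); do
        case " $out " in *" $tok "*) continue ;; esac
        out="${out:+$out }$tok"
    done
    printf '%s\n' "$out"
)

# Offer to append the SSH client IP, then print the final jail.local line.
# $1 = existing ignoreip value; the y/n answer is read from stdin.
ignoreip_line() (
    list=$1
    if ip=$(ssh_client_ip); then
        printf 'Add %s to Fail2Ban ignoreip? [y/N] ' "$ip" >&2
        read -r ans || ans=
        case $ans in [Yy]*) list="$list $ip" ;; esac
    fi
    printf 'ignoreip = %s\n' "$(dedupe_ignoreip "$list")"
)
```

Outside an SSH session, or when `SSH_CONNECTION` does not start with a valid address, `ignoreip_line` skips the prompt and only deduplicates the existing list.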