[FreeNX-kNX] fail2ban and freenx

[Fabian Franz]

> Hi,
> 
> 
> 
>   I started to use fail2ban, an application that read log files and when 
> it finds an IP that is trying to login too many times and failing it 
> blocks it in the firewall for ten minutes. This is to prevent 
> dictionary attacks. I wanted to see if it finds my nx login failures 
> but unfortunately when nx client is login in it first login from its IP 
> using the key, and then using a password from 127.0.0.1. So the 
> failures are registering on 127.0.0.1 and not on the real IP.
> 
>   Please tell me if there is some log file where login failures would be 
> registered with the real IP and the time of failure.  Or if I can 
> modify something to get that.

You can modify nxserver.

Search for 404 and add a syslog command or whatever. The IP can be gotten from SSH_CLIENT.

So:

echo "NX> 404 [...]"
syslog [... params ...] "Failed login for USER $USER. IP=$SSH_CLIENT".

Or whatever.

As I pointed out in IRC you can also use another public/private key pair, which you deploy to clients to reach your goal of preventing attackers. 

Best Regards,

Fabian