[FreeNX-kNX] fail2ban and freenx

Fabian Franz FabianFranz at gmx.de
Fri Mar 14 09:35:28 UTC 2008

> Hi,
>   I started to use fail2ban, an application that read log files and when 
> it finds an IP that is trying to login too many times and failing it 
> blocks it in the firewall for ten minutes. This is to prevent 
> dictionary attacks. I wanted to see if it finds my nx login failures 
> but unfortunately when nx client is login in it first login from its IP 
> using the key, and then using a password from So the 
> failures are registering on and not on the real IP.
>   Please tell me if there is some log file where login failures would be 
> registered with the real IP and the time of failure.  Or if I can 
> modify something to get that.

You can modify nxserver.

Search for 404 and add a syslog command or whatever. The IP can be gotten from SSH_CLIENT.


echo "NX> 404 [...]"
syslog [... params ...] "Failed login for USER $USER. IP=$SSH_CLIENT".

Or whatever.

As I pointed out in IRC you can also use another public/private key pair, which you deploy to clients to reach your goal of preventing attackers. 

Best Regards,


More information about the FreeNX-kNX mailing list