diff --git a/ChangeLog b/ChangeLog
index 73e0e047..bbc7a59e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,7 @@ ver. 1.0.1-dev-1 (20??/??/??) - development nightly edition
different from 0) in case of unsane environment.
### Fixes
+* restoring a large number (500+ depending on files ulimit) of current bans when using PyPy fixed
### New Features
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index c61cf960..12631cb3 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -52,7 +52,7 @@ cmnfailre = ^[aA]uthentication (?:failure|error|failed) for .*
^User .+ from not allowed because a group is listed in DenyGroups%(__suff)s$
^User .+ from not allowed because none of user's groups are listed in AllowGroups%(__suff)s$
^%(__pam_auth)s\(sshd:auth\):\s+authentication failure;(?:\s+(?:(?:logname|e?uid|tty)=\S*)){0,4}\s+ruser=\S*\s+rhost=(?:\s+user=\S*)?%(__suff)s$
- ^(error: )?maximum authentication attempts exceeded for .* from %(__on_port_opt)s(?: ssh\d*)?%(__suff)s$
+ ^maximum authentication attempts exceeded for .* from %(__on_port_opt)s(?: ssh\d*)?%(__suff)s$
^User .+ not allowed because account is locked%(__suff)s
^Disconnecting(?: from)?(?: (?:invalid|authenticating)) user \S+ %(__on_port_opt)s:\s*Change of username or service not allowed:\s*.*\[preauth\]\s*$
^Disconnecting: Too many authentication failures(?: for .+?)?%(__suff)s$
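Review bot: Dropping the optional `(error: )?` from the `maximum authentication attempts exceeded` alternative leaves prefixed lines unmatched unless the `error: ` prefix is consumed before `cmnfailre` is applied, and nothing in this hunk shows where that happens. The sample added to the sshd test log in this commit carries `error: ` and is expected to match a pattern without it, which suggests the prefix is handled upstream, but that is inferred. A test-log entry for this message in its `error: `-prefixed form, next to the unprefixed one, would pin both variants so a later change to the prefix handling cannot silently stop this failure from being counted. The `cmnfailre` definition starts above the hunk.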
@@ -71,6 +71,7 @@ mdre-normal =
mdre-normal-other = ^(Connection closed|Disconnected) (?:by|from)%(__authng_user)s (?:%(__suff)s|\s*)$
mdre-ddos = ^Did not receive identification string from
+ ^kex_exchange_identification: client sent invalid protocol identifier
^Bad protocol version identification '.*' from
^Connection reset by
^SSH: Server;Ltype: (?:Authname|Version|Kex);Remote: -\d+;[A-Z]\w+:
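Review bot: The added `^kex_exchange_identification: client sent invalid protocol identifier` alternative in `mdre-ddos` has no host capture, so the address must come from an earlier line of the same sshd process. The test log in this commit pairs it with a `Connection from ...` line for that reason. That dependency deserves a comment above `mdre-ddos`, e.g. `# kex_exchange_identification carries no address; the host is taken from the preceding "Connection from" line of the same session`. If sshd is not configured to log the connection line (presumably this needs a more verbose log level, to be confirmed), the match has no host to act on, which the same comment should state. The pattern is also left open at the end, unlike the `%(__suff)s$`-terminated entries elsewhere in the file, which seems intentional for the quoted identifier that follows but is worth a word.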
diff --git a/fail2ban/server/utils.py b/fail2ban/server/utils.py
index d4461a7d..819d5a9f 100644
--- a/fail2ban/server/utils.py
+++ b/fail2ban/server/utils.py
@@ -260,7 +260,6 @@ class Utils():
if stdout is not None and stdout != '' and std_level >= logSys.getEffectiveLevel():
for l in stdout.splitlines():
logSys.log(std_level, "%x -- stdout: %r", realCmdId, uni_decode(l))
- popen.stdout.close()
if popen.stderr:
try:
if retcode is None or retcode < 0:
@@ -271,7 +270,9 @@ class Utils():
if stderr is not None and stderr != '' and std_level >= logSys.getEffectiveLevel():
for l in stderr.splitlines():
logSys.log(std_level, "%x -- stderr: %r", realCmdId, uni_decode(l))
- popen.stderr.close()
+
+ if popen.stdout: popen.stdout.close()
+ if popen.stderr: popen.stderr.close()
success = False
if retcode in success_codes:
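Review bot: The two closes added after the stderr logging loop run only when nothing between the pipe reads and that point raises. An exception in the read or logging code (for instance out of `uni_decode`) would still leave both descriptors open, which is the descriptor exhaustion the ChangeLog entry describes. Putting them in a `finally:` clause around the stdout/stderr handling would guarantee the release. Whether an enclosing handler already covers this cannot be seen, because the method starts and ends outside the hunk and indentation is lost on this page. On style, `if popen.stdout: popen.stdout.close()` reads better split over two lines, with a comment such as `# always release the pipes, even when nothing was read or logged`.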
diff --git a/fail2ban/tests/files/logs/sshd b/fail2ban/tests/files/logs/sshd
index 3b4f0a0a..0385f38c 100644
--- a/fail2ban/tests/files/logs/sshd
+++ b/fail2ban/tests/files/logs/sshd
@@ -305,6 +305,11 @@ Jul 17 23:04:01 srv sshd[1300]: Connection closed by authenticating user test 12
# filterOptions: [{"test.condition":"name=='sshd'", "mode": "ddos"}, {"test.condition":"name=='sshd'", "mode": "aggressive"}]
+# failJSON: { "match": false }
+Feb 17 17:40:17 sshd[19725]: Connection from 192.0.2.10 port 62004 on 192.0.2.10 port 22
+# failJSON: { "time": "2005-02-17T17:40:17", "match": true , "host": "192.0.2.10", "desc": "ddos: port scanner (invalid protocol identifier)" }
+Feb 17 17:40:17 sshd[19725]: error: kex_exchange_identification: client sent invalid protocol identifier ""
+
# failJSON: { "time": "2005-03-15T09:21:01", "match": true , "host": "192.0.2.212", "desc": "DDOS mode causes failure on close within preauth stage" }
Mar 15 09:21:01 host sshd[2717]: Connection closed by 192.0.2.212 [preauth]
# failJSON: { "time": "2005-03-15T09:21:02", "match": true , "host": "192.0.2.212", "desc": "DDOS mode causes failure on close within preauth stage" }