SSH Lockdown during Scan

Merry Christmas,

I installed the OpenVAS scanner and ran it against my own web server, which is hosted by a provider, for testing purposes. So far everything has worked quite well; the performance was the biggest issue that I still have to solve before I can use the scanner productively. The scanner also made me aware of how carelessly I had ignored my Nextcloud instance hosted on the server. Thanks to the community for this.

What I also noticed was a temporary lockdown of my SSH access, which indicates that the fail2ban filter has been triggered and blocked my IP. Of course, this shouldn’t happen during a productive scan, especially if it’s run from the company’s infrastructure. Which part of the scan is responsible for this and how can it be prevented? Are there more effects like this that I just haven’t noticed yet, or is this even intentional, possibly as an indication of compromise? Not everyone who uses such a scanner is a white hat.

Bye Cyberduck

Hello and welcome to this community forum.

There is a quite extensive “Read Before Use” chapter available here:

https://docs.greenbone.net/GSM-Manual/gos-22.04/en/read-before-use.html

The lockdown of the SSH access can be solved by adding the scanner's IP address to the whitelist / allowlist functionality of Fail2Ban on the target host(s).

2 Likes
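The allowlist mentioned in the reply above is Fail2Ban's `ignoreip` jail option. The fragment below is an added example and not part of the original posts; it assumes the SSH jail is named `sshd`, and `203.0.113.10` is a placeholder from the documentation address range standing in for the scanner's address.

```ini
# /etc/fail2ban/jail.local  (local overrides; jail.conf itself stays untouched)

[sshd]
enabled  = true

# Addresses listed here are never banned by this jail.
# 203.0.113.10 is a placeholder for the scanner host: list the single
# address of the scanner, not the whole office or VPN range, so that
# every other source remains subject to banning.
# A per-jail ignoreip replaces the value from [DEFAULT], so the
# loopback entries are repeated here.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10
```

After editing, `fail2ban-client reload` applies the change and `fail2ban-client get sshd ignoreip` shows the active list. Setting the option in the `[sshd]` jail rather than in `[DEFAULT]` limits the exemption to SSH, so other jails on the host still react to the scanner's traffic.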