I am using open ssh server container on a host open to internet. My logs are full of random scans, but all of them are logged with client IP of 10.0.0.2
. How do I get real client IP exposed to openssh container, so that I can add fail2ban or similar approach?
2021-09-24 19:25:51.679801062 Failed password for invalid user vagrant from 10.0.0.2 port 48040 ssh2
2021-09-24 19:25:51.681088955 Failed password for invalid user root from 10.0.0.2 port 48030 ssh2
2021-09-24 19:25:51.682022926 Failed password for invalid user test from 10.0.0.2 port 48034 ssh2
2021-09-24 19:25:51.684935041 Could not get shadow information for NOUSER
2021-09-24 19:25:51.686733724 Failed password for invalid user ec2-user from 10.0.0.2 port 48028 ssh2
2021-09-24 19:25:51.695385366 Failed password for invalid user oracle from 10.0.0.2 port 48038 ssh2
2021-09-24 19:25:58.106181006 Connection closed by invalid user guest 10.0.0.2 port 48036 [preauth]
2021-09-24 19:25:58.109143991 Connection closed by invalid user postgres 10.0.0.2 port 48042 [preauth]
2021-09-24 19:25:58.109847168 Connection closed by invalid user ubuntu 10.0.0.2 port 48032 [preauth]
2021-09-24 19:25:58.112933244 Connection closed by invalid user root 10.0.0.2 port 48030 [preauth]
2021-09-24 19:25:58.114633318 Connection closed by invalid user test 10.0.0.2 port 48034 [preauth]
2021-09-24 19:25:58.114645725 Connection closed by invalid user vagrant 10.0.0.2 port 48040 [preauth]
2021-09-24 19:25:58.114648151 Connection closed by invalid user ec2-user 10.0.0.2 port 48028 [preauth]
2021-09-24 19:25:58.114650262 Connection closed by invalid user oracle 10.0.0.2 port 48038 [preauth]