rustdesk-server icon indicating copy to clipboard operation
rustdesk-server copied to clipboard

Published 20 hours ago verified publisher icon rustdesk

Add option to log (failed) authentication attempts to enable the usage of tools like fail2ban and crowdsec

Open netw0rk-noob opened this issue 1 year ago • 5 comments
trafficstars

Is your feature request related to a problem? Please describe. Right now everyone can connect to the server repeatedly as often as he wants to try bruteforcing the pre-shared key which is needed to authenticate to the server. Besides that, denial-of-service attacks are possible. That is due to the fact that rustdesk does not log (failed) authentication attempts (with source ip addresses) anywhere which would make it possible to use tools like fail2ban or crowdsec to ban repeated offenders.

Describe the solution you'd like I'd like rustdesk-server to add an option to enable auth logging which would log (failed) authentication attempts to a logfile which could be used by above mentioned daemons to ban ip adresses which repeatedly fail to authenticate against the server.

Describe alternatives you've considered I did enable debug logs by adding Environment="RUST_LOG=debug" to the systemd unit which is starting rustdesk-server according to the FAQ but since that logs all connections and doesnt differentiate between successful/failed authentications using fail2ban on it creates the risk of banning legitimate users. That risk gets even greater when considering the fact that a successfully established remote control session logs 8 lines containing the source ip address while an illegitimate connection (trying to connect with a wrong key specified in the Client settings under network -> ID/Relay server -> Key) only logs 2 lines.

netw0rk-noob avatar Jul 01 '24 08:07 netw0rk-noob

It is definitely something that would be useful, I'm looking forward this exact same feature too!

ArtDmn avatar Jul 09 '24 13:07 ArtDmn

Would be really nice to let Fail2Ban monitor rustdesk

kramttocs avatar Jan 01 '25 06:01 kramttocs

Throwing my vote in there to add a login failed line for crowdsec parsing

Edit: I'll even write the crowdsec parser and some scenarios, just need the actual failed auth log line to parse.

baudneo avatar Apr 21 '25 02:04 baudneo

Would love to see this for Crowdsec / fail2ban, too. Maybe for both: RustDesk Pro Dashboard-Login-Page and the Service in general.

jamfx avatar May 19 '25 17:05 jamfx

Anything is better than NOTHING. Security is paramount for a project that sells itself on being a secure, convenient method to access your devices remotely.

baudneo avatar May 25 '25 15:05 baudneo

I just set up rustdesk for a company and also want to get it integrated with crowdsec and possibly SIEM. Please make it easier for us to handle security.

masterjuggler avatar Oct 02 '25 02:10 masterjuggler

One more vote to keep it recent. We badly need it to improve security.

cfprocha avatar Oct 20 '25 14:10 cfprocha

Thanks!

Just for reference:

log::warn!("Relay authentication failed from {} - invalid key", addr);

log::warn!("Authentication failed from {} for peer {} - invalid key", addr, ph.id);

kramttocs avatar Nov 03 '25 16:11 kramttocs