Fail2ban

Configuring Fail2Ban for SSH Protection on Ubuntu

sudo apt update
sudo apt install fail2ban -y
fail2ban-client -V

cd /etc/fail2ban
sudo cp jail.conf jail.local
sudo nano jail.local

Locate the [sshd] section and configure the following settings:

[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
maxretry = 3
bantime = 9999999
findtime = 600

Whitelist Trusted IPs (Optional)

sudo nano /etc/fail2ban/jail.local

Add the following under [sshd]

ignoreip = 127.0.0.1/8 <your-trusted-ip>

sudo systemctl reload fail2ban

sudo ufw allow ssh
sudo ufw enable
sudo ufw reload

sudo systemctl start fail2ban
sudo systemctl enable fail2ban
sudo systemctl status fail2ban

Monitor

sudo fail2ban-client status sshd

sudo cat /var/log/fail2ban.log

Last updated 11 months ago