How to Protect Your SSH Server from Brute-Force Attacks with Fail2Ban on Ubuntu


Fail2Ban is a free Python tool that helps protect Linux servers from brute-force attacks. It’s especially useful for securing SSH. With Fail2Ban, you can automatically block IPs that try to guess passwords on your server.

Why Use Fail2Ban for SSH Protection?

Brute-force attacks can cause thousands of failed login attempts every day. If your server uses password-based logins, you need a way to block attackers. Fail2Ban watches your log files and blocks any IP that tries—and fails—too many times.


Step 1: Update Your Ubuntu Server

First, make sure your system is up to date:

sudo apt update && sudo apt upgrade

Step 2: Install Fail2Ban

Install Fail2Ban using apt:

sudo apt-get install fail2ban

Enable Fail2Ban to start automatically:

sudo systemctl enable fail2ban.service

Step 3: Configure SSH Protection

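Do not edit the default config file (/etc/fail2ban/jail.conf)! Package updates can overwrite it.
Instead, create a new file for your custom settings. Fail2Ban reads jail.local after jail.conf, so the values you set there take precedence: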

sudo nano /etc/fail2ban/jail.local

Add these lines to protect your SSH server:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1

What these settings mean:

  • enabled: Turns on protection for SSH
  • maxretry: Blocks an IP after 3 failed logins
  • findtime: Looks for failed attempts in a 5-minute window (300 seconds)
  • bantime: Blocks the IP for 1 hour (3600 seconds)
  • ignoreip: Never blocks the listed addresses (here 127.0.0.1, your own server)
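
The maxretry, findtime and bantime settings work together as a sliding window. The Python below is an added example, not Fail2Ban's own code or part of the original tutorial: it models the jail's decision over constructed auth.log lines, assuming a simplified failure pattern and a hypothetical host name web1.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail on this page
MAXRETRY, FINDTIME, BANTIME = 3, timedelta(seconds=300), timedelta(seconds=3600)
IGNOREIP = {"127.0.0.1"}

# Simplified pattern (assumption); Fail2Ban's own sshd filter matches many more message forms
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

# Constructed auth.log lines (documentation-range addresses, hypothetical host "web1")
SAMPLE_LOG = """\
Jan 15 10:00:00 web1 sshd[1001]: Failed password for root from 203.0.113.5 port 40000 ssh2
Jan 15 10:00:05 web1 sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 40100 ssh2
Jan 15 10:01:00 web1 sshd[1003]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jan 15 10:01:30 web1 sshd[1004]: Failed password for root from 127.0.0.1 port 40200 ssh2
Jan 15 10:01:31 web1 sshd[1005]: Failed password for root from 127.0.0.1 port 40201 ssh2
Jan 15 10:01:32 web1 sshd[1006]: Failed password for root from 127.0.0.1 port 40202 ssh2
Jan 15 10:02:00 web1 sshd[1007]: Failed password for root from 203.0.113.5 port 40004 ssh2
Jan 15 10:04:00 web1 sshd[1008]: Failed password for invalid user admin from 198.51.100.7 port 40102 ssh2
Jan 15 10:10:00 web1 sshd[1009]: Failed password for invalid user admin from 198.51.100.7 port 40104 ssh2
"""

def simulate(log_text, year=2024):
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until = {}             # ip -> time the ban expires
    bans = []                     # (ip, log timestamp of the failure that triggered the ban)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, ip = m.groups()
        now = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ip in IGNOREIP or banned_until.get(ip, now) > now:
            continue              # ignored address, or still serving a ban
        window = recent[ip]
        window.append(now)
        while now - window[0] > FINDTIME:   # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[ip] = now + BANTIME
            bans.append((ip, stamp))
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

In the sample, 198.51.100.7 fails three times but is never banned, because its failures never fall inside one 300-second window; 127.0.0.1 is skipped because it is listed in ignoreip.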

Step 4: Restart Fail2Ban

Apply your new settings by restarting Fail2Ban:

sudo systemctl restart fail2ban.service

Now, Fail2Ban will automatically block any IP that fails to log in 3 times within 5 minutes, and keep it blocked for 1 hour.


How to Unban an IP Address

If you need to remove a ban, follow this guide on unbanning with Fail2Ban.


With Fail2Ban, your Ubuntu server has stronger SSH brute-force protection. This makes your server safer and gives you peace of mind.

