Fail2Ban is a free Python tool that helps protect Linux servers from brute-force attacks. It’s especially useful for securing SSH. With Fail2Ban, you can automatically block IPs that try to guess passwords on your server.
Why Use Fail2Ban for SSH Protection?
Brute-force attacks can cause thousands of failed login attempts every day. If your server uses password-based logins, you need a way to block attackers. Fail2Ban watches your log files and blocks any IP that tries—and fails—too many times.
Step 1: Update Your Ubuntu Server
First, make sure your system is up to date:
sudo apt update && sudo apt upgrade
Step 2: Install Fail2Ban
Install Fail2Ban using apt:
sudo apt-get install fail2ban
Enable Fail2Ban to start automatically:
sudo systemctl enable fail2ban.service
Step 3: Configure SSH Protection
Do not edit the default config file!
Instead, create a new file for your custom settings:
sudo nano /etc/fail2ban/jail.local
Add these lines to protect your SSH server:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1
What these settings mean:
enabled: Turns on protection for SSH
maxretry: Blocks an IP after 3 failed logins
findtime: Looks for failed attempts in a 5-minute window (300 seconds)
bantime: Blocks the IP for 1 hour (3600 seconds)
ignoreip: Never blocks your own server
Step 4: Restart Fail2Ban
Apply your new settings by restarting Fail2Ban:
sudo systemctl restart fail2ban.service
Now, Fail2Ban will automatically block any IP that fails to log in 3 times within 5 minutes, and keep it blocked for 1 hour.
How to Unban an IP Address
If you need to remove a ban, follow this guide on unbanning with Fail2Ban.
With Fail2Ban, your Ubuntu server has stronger SSH brute-force protection. This makes your server safer and gives you peace of mind.