Skip to main content

Secure SSH server under Linux with Fail2ban

Fail2ban protects your SSH server from unauthorized access attempts. It will monitor the log files and block any IP addresses that show signs of malicious activity, helping to keep your server secure.


Update Server

Make sure that your system is up to date by running the following command:

sudo apt update && sudo apt upgrade -y

Install Fail2ban

sudo apt install fail2ban


Copy Configuration file

Copy the default Fail2ban configuration file to a new file so that you can edit:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit Conffigurtaion file

sudo nano /etc/fail2ban/jail.local

Scroll down to the [sshd] section and modify the enabled setting to true:

enabled = true
maxretry = 3
findtime = 1d
bantime = 4w
ignoreip =

Save the configuration file with CTRL + X followed by Y close with RETURN.

Restart Fail2ban Service

sudo systemctl restart fail2ban

Start Fail2ban

To ensure that Fail2ban starts automatically when the system boots up, run the following command:

sudo systemctl enable fail2ban

Check Fail2ban status

This will show you the status of all the jail services that are enabled, including the sshd jail.

sudo systemctl status fail2ban

Response should look like this:

user@datenschmutz:~# sudo systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor pres>
Drop-In: /usr/lib/systemd/system/fail2ban.service.d
Active: active (running) since Wed 2022-09-28 12:23:48 CEST; 2 months 23 d>
Docs: man:fail2ban(1)
Main PID: 1331502 (fail2ban-server)
Tasks: 25 (limit: 9485)
Memory: 47.0M
CGroup: /system.slice/fail2ban.service
└─1331502 /usr/bin/python2 /usr/bin/fail2ban-server -xf start

List banned IPs

To see a list of IP addresses that have been banned by Fail2ban, run the following command:

sudo fail2ban-client statussshd

This will show you a list of IP addresses that have been banned due to failed login attempts.

That's it! You should now have Fail2ban configured to protect your SSH server from unauthorized access attempts.