Debian / Ubuntu
Fedora / Rocky / RHEL
Install Fail2ban and monitor SSH connection attempts.
Initial system setup completed.
Logged in as administrative user.
Before getting started, update package repositories. Consider upgrading them as well for the latest patches.
# Debian sudo apt update sudo apt upgrade
# Fedora sudo dnf check-update sudo dnf upgrade
Fail2ban is an intrusion prevention software that protects your server from brute-force attacks.
Install Fail2ban via your system package manager.
# Debian sudo apt install fail2ban
# Fedora sudo dnf install fail2ban
Verify Fail2ban is enabled so it will start on boot.
sudo systemctl enable fail2ban
Create a Fail2ban configuration file to monitor SSH connection attempts.
sudo nano /etc/fail2ban/jail.local
In the file, specify the following configuration. This configuration will ban any IP address that makes 3 failed login attempts in 30 minutes for 25 hours. If you changed your SSH port, modify the
port configuration accordingly.
# Debian [sshd] enabled = true port = 22 filter = sshd logpath = /var/log/auth.log maxretry = 3 # 30 minute findtime findtime = 1800 # 25 hour ban bantime = 90000
# Fedora [sshd] enabled = true port = ssh filter = sshd logpath = %(sshd_log)s maxretry = 3 # 30 minute findtime findtime = 1800 # 25 hour ban bantime = 90000
Restart the Fail2ban service for changes to take effect.
sudo systemctl restart fail2ban