How to install and configure fail2ban for even more SSH security
SSH is essential for many Linux users, as it allows for the ability to log into remote servers and desktops to do various admin tasks. And although SSH is considerably more secure than what it replaced (Telnet), it’s not a guarantee on its own.
For example, a brute force attack will pummel your machine with login attempts until it gets the login credentials correct. You don’t want that to happen.
Also: The best Linux laptops
Fortunately, there’s a piece of software that can help prevent such problems. The software in question is called fail2ban and it can automatically block IP addresses being used for unwanted login attempts.
Let me walk you through the process of installing and configuring fail2ban.
How to install fail2ban
What you’ll need: I’m going to demonstrate this on a Ubuntu-based desktop. If you’re using a Fedora-based desktop, you’ll need to only alter the installation command (switching from apt-get to dnf).
Also: Ubuntu 24.04: Same as it ever was, but with 5 big improvements
So, you’ll need a running instance of any Ubuntu-based distribution and a user with sudo privileges. That’s all. Let’s get to the installation.
Fail2ban has to be installed via the terminal window, so open your favorite terminal window app and prepare to install.
To install fail2ban, issue the command:
sudo apt-get install fail2ban -y
With the installation complete, start and enable the fail2ban service with the command:
sudo systemctl enable --now fail2ban
Configuring fail2ban
We’re going to create a new configuration file, specific to SSH, that will define the port, filter, logpath, the number of failed attempts allowed before an IP address is blocked (maxretry), the amount of time between failed login attempts (findtime), the number of seconds for which an IP address is banned (bantime), and an IP address (the loopback address — which is 127.0.0.1) that fail2ban will ignore.
Create the file with the command:
sudo nano /etc/fail2ban/jail.local
Also: Secure ShellFish might be the best SSH GUI client for MacOS
In that file, paste the following:
[sshd] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 findtime = 300 bantime = 28800 ignoreip = 127.0.0.1
Save and close the file. Then, restart the fail2ban service with:
sudo systemctl restart fail2ban
Where IP is the banned IP address. To rest fail2ban, go to a different machine on our network and attempt to log into the machine running fail2ban. Type the wrong password three times and the IP address of that machine will be blocked. If you attempt a fourth login, it will fail.
Also: Do you need antivirus on Linux?
You can unban that IP address (from the machine you originally logged in from) with the command:
sudo fail2ban-client set sshd unbanip IP
And that’s all there is to adding another layer of security on your system. You can now trust that unwanted SSH logins will be blocked and those offending IP addresses banned.
READ MORE HERE