This project demonstrates how to install and configure Fail2Ban on a Linux server to secure SSH against brute-force attacks. Fail2Ban scans log files for intrusion attempts and blocks IP addresses that have too many failed login attempts.
Make sure your system is up to date. Run the following command to update and upgrade your system packages:
sudo apt update && sudo apt upgrade -y
Install Fail2Ban by running the following command:
sudo apt install fail2ban -y
Once Fail2Ban is installed, we need to configure it. Open the Fail2Ban configuration file jail.local:
sudo nano /etc/fail2ban/jail.local
Add the following configuration to protect the SSH service:
[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
maxretry = 3
bantime = 600
findtime = 600
To apply the new configuration, restart the Fail2Ban service with:
sudo systemctl restart fail2ban
Check if the Fail2Ban service is running properly:
sudo systemctl status fail2ban
You should see the status of Fail2Ban as active, indicating that it's running correctly.
To verify that Fail2Ban is successfully protecting your SSH service, use the following command:
sudo fail2ban-client status sshd
This command should show the status of your SSH protection, including the number of IPs that are currently banned.
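How the maxretry, findtime and bantime values in the [sshd] jail above interact, shown as an added example that is not part of this repository: a simplified Python model of the jail's counting logic, run over constructed auth.log lines. The regular expression, the simulate function and the assumed year are illustrative assumptions, not Fail2Ban's own filter or code.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail on this page (findtime and bantime are in seconds)
MAXRETRY, FINDTIME, BANTIME = 3, 600, 600

# Simplified failure pattern (assumption: Fail2Ban's own sshd filter matches many more forms)
FAILURE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed auth.log lines; addresses are from the documentation ranges
SAMPLE_LOG = """\
Mar  4 10:00:01 srv sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 10:00:05 srv sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar  4 10:00:09 srv sshd[813]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
Mar  4 10:00:12 srv sshd[814]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  4 10:01:00 srv sshd[815]: Failed password for bob from 198.51.100.4 port 39000 ssh2
Mar  4 10:08:00 srv sshd[816]: Failed password for bob from 198.51.100.4 port 39010 ssh2
Mar  4 10:15:00 srv sshd[817]: Failed password for bob from 198.51.100.4 port 39020 ssh2
"""

def simulate(log_text, year=2024):
    """Return (ip, ban_start, ban_end) for each ban these settings would trigger."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue  # ban still active
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts.isoformat(), banned_until[ip].isoformat()))
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

With the sample lines, only 203.0.113.7 is banned. 198.51.100.4 also fails three times, but its failures are spread over more than findtime (600 seconds), so the count never reaches maxretry.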
I have included the Fail2Ban configuration file as part of this repository. You can find the configuration file here:
This project demonstrates the installation and configuration of Fail2Ban on a Linux server to secure SSH from brute-force attacks. The configuration used in this project can be adapted to secure other services and can help improve server security.