🚧 Protecting SSH Access with Fail2Ban

Fail2Ban helps protect your VPS from brute-force attacks by automatically banning IPs that show malicious signs — like repeated failed SSH logins.

This guide shows you how to set it up for basic protection.

Step 1: Install Fail2Ban

On Debian/Ubuntu systems:

sudo apt update
sudo apt install fail2ban -y

Once installed, the service should start automatically.

Check status:

sudo systemctl status fail2ban

Step 2: Configure Fail2Ban for SSH

Start by copying the default config:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now open the new file:

sudo nano /etc/fail2ban/jail.local

Find the [sshd] section and ensure it's enabled:

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
bantime = 1h
findtime = 10m

⚠️ Adjust maxretry, bantime, and findtime based on how strict you want the banning to be.

Step 3: Restart and Enable Fail2Ban

Apply the configuration:

sudo systemctl restart fail2ban
sudo systemctl enable fail2ban

To see current jails and banned IPs:

sudo fail2ban-client status
sudo fail2ban-client status sshd

Unban an IP (if needed)

If you accidentally ban yourself or someone else:

sudo fail2ban-client set sshd unbanip YOUR_IP_ADDRESS

✅ Done!

Fail2Ban is now actively monitoring your SSH logs and banning attackers. Combine this with SSH keys and a firewall for a much stronger setup.

Consider adding notifications (like email alerts) or extending protection to other services (e.g., Nginx, Postfix).

---

Built by Node Runners.
For the Networks We Believe In.
🌐 astrostake.xyz