How to install and configure fail2ban for even more SSH security

We Keep you Connected

How to install and configure fail2ban for even more SSH security

Most Popular
'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
SSH is essential for many Linux users, as it allows for the ability to log into remote servers and desktops to do various admin tasks. And although SSH is considerably more secure than what it replaced (Telnet), it's not a guarantee on its own.
For example, a brute force attack will pummel your machine with login attempts until it gets the login credentials correct. You don't want that to happen.
Also: The best Linux laptops
Fortunately, there's a piece of software that can help prevent such problems. The software in question is called fail2ban and it can automatically block IP addresses being used for unwanted login attempts. 
Let me walk you through the process of installing and configuring fail2ban.
What you'll need: I'm going to demonstrate this on a Ubuntu-based desktop. If you're using a Fedora-based desktop, you'll need to only alter the installation command (switching from apt-get to dnf). 
Also: Ubuntu 24.04: Same as it ever was, but with 5 big improvements
So, you'll need a running instance of any Ubuntu-based distribution and a user with sudo privileges. That's all. Let's get to the installation.
Fail2ban has to be installed via the terminal window, so open your favorite terminal window app and prepare to install.
To install fail2ban, issue the command:
With the installation complete, start and enable the fail2ban service with the command:
We're going to create a new configuration file, specific to SSH, that will define the port, filter, logpath, the number of failed attempts allowed before an IP address is blocked (maxretry), the amount of time between failed login attempts (findtime), the number of seconds for which an IP address is banned (bantime), and an IP address (the loopback address — which is that fail2ban will ignore.
Create the file with the command:
Also: Secure ShellFish might be the best SSH GUI client for MacOS
In that file, paste the following:
Save and close the file. Then, restart the fail2ban service with: 
Where IP is the banned IP address. To rest fail2ban, go to a different machine on our network and attempt to log into the machine running fail2ban. Type the wrong password three times and the IP address of that machine will be blocked. If you attempt a fourth login, it will fail.
Also: Do you need antivirus on Linux?
You can unban that IP address (from the machine you originally logged in from) with the command:
And that's all there is to adding another layer of security on your system. You can now trust that unwanted SSH logins will be blocked and those offending IP addresses banned.