What is Fail2Ban?
Fail2Ban monitors log files for failed authentication attempts and automatically bans offending IP addresses using firewall rules. It is essential protection against brute-force attacks, and works best alongside strong authentication rather than in place of it.
Installation
sudo apt update
sudo apt install -y fail2ban
Configuration
Create a local config file; never edit the packaged defaults in jail.conf, which package upgrades may overwrite:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit /etc/fail2ban/jail.local:
# Settings in jail.local override the packaged defaults in jail.conf.
# After editing, `sudo fail2ban-client -t` checks the configuration for errors.
[DEFAULT]
# Defaults inherited by every jail that does not set its own value:
# an address is banned for 1h after 5 failures within a 10m window.
bantime = 1h
findtime = 10m
maxretry = 5
# Bans are applied through nftables. NOTE(review): confirm the host actually
# uses nftables; otherwise choose the banaction that matches its firewall.
banaction = nftables-multiport
# Consider an ignoreip entry for trusted management addresses so that an
# administrator's mistyped password cannot lock them out, e.g.
# ignoreip = 127.0.0.1/8 ::1 <trusted-admin-address-placeholder>
[sshd]
enabled = true
port = ssh
# NOTE(review): on hosts that log only to the systemd journal this file may
# not exist, and the jail then sees no failures (or fails to start). Confirm
# the path, or use the systemd backend for this jail instead.
logpath = /var/log/auth.log
# Stricter than the [DEFAULT] maxretry of 5.
maxretry = 3
bantime = 24h
Start and Enable
sudo systemctl enable --now fail2ban
Managing Bans
# Check status of the SSH jail: failure counters and the currently banned addresses
sudo fail2ban-client status sshd
# Unban an IP, e.g. a legitimate user who was locked out.
# 198.51.100.50 is a documentation-range placeholder; substitute the real address.
sudo fail2ban-client set sshd unbanip 198.51.100.50
# Ban an IP manually in the sshd jail
sudo fail2ban-client set sshd banip 198.51.100.50
Adding More Jails
# Protect Nginx from brute force against HTTP authentication, as recorded in
# the nginx error log. bantime, findtime and maxretry come from [DEFAULT].
[nginx-http-auth]
enabled = true
logpath = /var/log/nginx/error.log
# Protect against aggressive bots that scan for commonly probed URLs
# (behaviour depends on the installed nginx-botsearch filter; verify it).
# NOTE(review): if nginx sits behind a proxy or load balancer, confirm the
# logs record the real client address; otherwise the proxy itself gets banned.
[nginx-botsearch]
enabled = true
logpath = /var/log/nginx/access.log
View Ban Log
# Follow Fail2Ban's own log to watch ban and unban events as they are written
sudo tail -f /var/log/fail2ban.log