fail2ban ubuntu debian mint

Is your Ubuntu or Debian server experiencing brute-force attacks on SSH? In this article I am explaining how to secure your server against SSH attacks with fail2ban on Ubuntu and its derivatives (like Mint), as well as on Debian.

If you are looking for instruction for CentOS, see my other post.

fail2ban is a special software that is installed on a server to block intruders’ IP addresses after exceeding configured amount of failed login attempts.

fail2ban SSH on Ubuntu / Debian / Mint

Installation and configuration of fail2ban for SSH is very simple.

First we have to install required fail2ban meta-package:

sudo apt-get install fail2ban

Next, we have to create a configure file protect SSH with fail2ban. Create /etc/fail2ban/jail.d/ssh.local file and put the following content inside:

enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5

Save the file and then execute service fail2ban start command. Now you have installed, configured and started fail2ban SSH protection!

Don’t forget to make fail2ban to start at boot time with following command:

sudo update-rc.d fail2ban defaults

Learn more about Ubuntu