Nathan Landale

The Technology for The Next Generation

How to install and configure fail2ban for even more SSH security
Computer, Gadget & Technology

How to install and configure fail2ban for even more SSH security

Computer security concept

Yuichiro Chino/Getty Images

SSH is essential for many Linux users, as it allows for the ability to log into remote servers and desktops to do various admin tasks. And although SSH is considerably more secure than what it replaced (Telnet), it’s not a guarantee on its own.

For example, a brute force attack will pummel your machine with login attempts until it gets the login credentials correct. You don’t want that to happen.

Also: The best Linux laptops

Fortunately, there’s a piece of software that can help prevent such problems. The software in question is called fail2ban and it can automatically block IP addresses being used for unwanted login attempts. 

Let me walk you through the process of installing and configuring fail2ban.

How to install fail2ban

What you’ll need: I’m going to demonstrate this on a Ubuntu-based desktop. If you’re using a Fedora-based desktop, you’ll need to only alter the installation command (switching from apt-get to dnf). 

Also: Ubuntu 24.04: Same as it ever was, but with 5 big improvements

So, you’ll need a running instance of any Ubuntu-based distribution and a user with sudo privileges. That’s all. Let’s get to the installation.

Fail2ban has to be installed via the terminal window, so open your favorite terminal window app and prepare to install.

To install fail2ban, issue the command:

sudo apt-get install fail2ban -y

With the installation complete, start and enable the fail2ban service with the command:

sudo systemctl enable --now fail2ban

Configuring fail2ban

We’re going to create a new configuration file, specific to SSH, that will define the port, filter, logpath, the number of failed attempts allowed before an IP address is blocked (maxretry), the amount of time between failed login attempts (findtime), the number of seconds for which an IP address is banned (bantime), and an IP address (the loopback address — which is that fail2ban will ignore.

Create the file with the command:

sudo nano /etc/fail2ban/jail.local

Also: Secure ShellFish might be the best SSH GUI client for MacOS

In that file, paste the following:

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 28800
ignoreip =

Save and close the file. Then, restart the fail2ban service with: 

sudo systemctl restart fail2ban

Where IP is the banned IP address. To rest fail2ban, go to a different machine on our network and attempt to log into the machine running fail2ban. Type the wrong password three times and the IP address of that machine will be blocked. If you attempt a fourth login, it will fail.

Also: Do you need antivirus on Linux?

You can unban that IP address (from the machine you originally logged in from) with the command:

sudo fail2ban-client set sshd unbanip IP

And that’s all there is to adding another layer of security on your system. You can now trust that unwanted SSH logins will be blocked and those offending IP addresses banned.

Source link