Fail2Ban is a security tool that protects your server against brute force attacks, especially via SSH. It monitors logs and automatically blocks IP addresses that make repeated incorrect login attempts. It significantly reduces the risk of intrusion and is a must-have on a VPS with a public IP.
Why use Fail2Ban?
- Protects against brute force attacks on SSH, FTP, mail servers, etc.
- Blocks attacking IP addresses automatically via the firewall (iptables/nftables).
- Requires minimal resources.
Install and configure Fail2Ban on Ubuntu 24.04
Time needed: 15 minutes
Step-by-Step: Install Fail2Ban on Ubuntu 24.04
- Install Fail2Ban
sudo apt install fail2ban -y
- Copy the default configuration
Create a local configuration file that is not overwritten during updates:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Enable SSH protection
Open the configuration file:
sudo nano /etc/fail2ban/jail.local
Add or verify that the following is present:
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
- Start and activate Fail2Ban
sudo systemctl enable --now fail2ban
- Verify that it works
sudo fail2ban-client status sshd
You should see “Status for the jail: sshd” and the number of bans (0 if no failed attempts yet).
Tip
- Log file: /var/log/fail2ban.log shows what Fail2Ban does.
- Firewall: Make sure you don't block yourself. Whitelist your own IP in /etc/fail2ban/jail.local if you are coming from a fixed IP address.
- Extended protection: Fail2Ban can also protect e.g. Nginx, Apache, Postfix – but SSH is most important to start with.
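
A pre-restart check for the [sshd] section and the whitelist tip above, as an added example that is not part of the original page. It reads a jail file, lets [sshd] override [DEFAULT], and reports a disabled jail, the misspelled key maxretries (the option Fail2Ban reads is maxretry), and an admin address missing from ignoreip, the Fail2Ban option that holds whitelisted addresses. The function names, the sample file and the address 203.0.113.10 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): lint the [sshd] jail before restarting Fail2Ban.

# Print the value the sshd jail ends up with for KEY: [sshd] overrides [DEFAULT].
# Simplification: one "key = value" per line; continuation lines are ignored.
jail_value() {  # usage: jail_value FILE KEY
  awk -v key="$2" '
    /^[ \t]*[#;]/ { next }                                   # comment line
    /^\[[^]]+\]/  { sec = substr($0, 2, index($0, "]") - 2); next }
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k != key) next
      if (sec == "sshd") own = v; else if (sec == "DEFAULT") def = v
    }
    END { print (own != "" ? own : def) }
  ' "$1"
}

# Print one line per finding; the return status is the number of findings.
lint_sshd_jail() {  # usage: lint_sshd_jail FILE ADMIN_IP
  local file=$1 admin_ip=$2 n=0
  if [ "$(jail_value "$file" enabled)" != "true" ]; then
    echo "sshd jail is not enabled"; n=$((n + 1))
  fi
  if [ -n "$(jail_value "$file" maxretries)" ]; then
    echo "'maxretries' is not read by Fail2Ban; the option is 'maxretry'"; n=$((n + 1))
  fi
  # Exact-match check only: CIDR ranges in ignoreip are not expanded here.
  case " $(jail_value "$file" ignoreip | tr ',' ' ') " in
    *" $admin_ip "*) ;;
    *) echo "$admin_ip is not in ignoreip; you could ban yourself"; n=$((n + 1)) ;;
  esac
  return "$n"
}

# Constructed sample: misspelled key and no whitelist entry for the admin address.
sample=$(mktemp)
printf '%s\n' '[DEFAULT]' 'ignoreip = 127.0.0.1/8 ::1' '' '[sshd]' \
  'enabled = true' 'port = ssh' 'maxretries = 5' > "$sample"
lint_sshd_jail "$sample" 203.0.113.10 || echo "findings: $?"
rm -f "$sample"
```

To use it on a real server, call lint_sshd_jail with /etc/fail2ban/jail.local and the fixed address you log in from.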