
1. Intro

I've seen a significant increase in ssh port-knocking on my private servers, so figured I'd give Fail2ban a go.

This guide focuses on Fail2ban using CentOS 6.

For Ubuntu, use this instead: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04.

That guide targets Ubuntu 14.04, but it works with little or no modification on the latest Ubuntu 18.04 LTS (Bionic Beaver) as well.

2. Guide

  1. I followed this excellent guide over at Digital Ocean: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-6.

  2. Made some changes to /etc/fail2ban/jail.local:
    [sshd]
    enabled = true
    # Default ssh port setting
    #port = ssh
    # If you use something other than port 22 for ssh, this is where you set it. No, port 2222 is not my real ssh-port!
    port = 2222

    [DEFAULT]
    # Ignore any IP's on the internal network and the localhost
    ignoreip = 127.0.0.1 192.168.0.0/24
    bantime = 3600
    maxretry = 3
  3. Done, it's that simple!

3. Unblocking IP-addresses

Sometimes you need to unblock an IP address. Use fail2ban-client for this.

To unblock IP 192.168.0.100 from the sshd jail configured above:

# fail2ban-client set <JAIL> unbanip <IP>

For example:

#  fail2ban-client set sshd unbanip 192.168.0.100
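To make concrete what the jail.local settings in step 2 and the unbanip command above actually control, here is an added worked example (my own Python model, not Fail2ban's code). It reads constructed /var/log/secure lines, applies the post's ignoreip, maxretry and bantime values plus Fail2ban's default findtime of 600 seconds (an assumption, since the post does not set it), and exposes an unbanip() method that mirrors the fail2ban-client command. The failregex is a simplified stand-in for the real sshd filter, and every hostname, PID and address in the sample log is made up.

```python
"""Model of a Fail2ban sshd jail: ignoreip, maxretry/findtime, bantime, unbanip.

Added example, not Fail2ban's own code. Values come from the jail.local in the
post (ignoreip, maxretry = 3, bantime = 3600); findtime = 600 is Fail2ban's
default and is assumed here. All log lines below are constructed samples.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for the 'Failed password' pattern of filter.d/sshd.conf
# (constructed for this example; the real filter carries many more patterns).
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample of CentOS 6 /var/log/secure (hosts, PIDs and IPs are made up).
SAMPLE_SECURE_LOG = """\
Jun 12 10:00:01 centos6 sshd[2101]: Failed password for root from 203.0.113.45 port 51234 ssh2
Jun 12 10:00:05 centos6 sshd[2103]: Failed password for invalid user admin from 203.0.113.45 port 51240 ssh2
Jun 12 10:00:09 centos6 sshd[2105]: Failed password for root from 203.0.113.45 port 51241 ssh2
Jun 12 10:00:12 centos6 sshd[2107]: Failed password for root from 203.0.113.45 port 51242 ssh2
Jun 12 10:01:00 centos6 sshd[2110]: Failed password for bob from 192.168.0.50 port 40000 ssh2
Jun 12 10:01:02 centos6 sshd[2111]: Failed password for bob from 192.168.0.50 port 40001 ssh2
Jun 12 10:01:04 centos6 sshd[2112]: Failed password for bob from 192.168.0.50 port 40002 ssh2
Jun 12 10:05:00 centos6 sshd[2120]: Accepted password for bob from 192.168.0.50 port 40003 ssh2
Jun 12 10:20:00 centos6 sshd[2130]: Failed password for root from 198.51.100.7 port 6000 ssh2
Jun 12 10:40:00 centos6 sshd[2131]: Failed password for root from 198.51.100.7 port 6001 ssh2
Jun 12 11:00:00 centos6 sshd[2132]: Failed password for root from 198.51.100.7 port 6002 ssh2
"""


class Jail:
    def __init__(self, ignoreip="127.0.0.1 192.168.0.0/24", maxretry=3,
                 bantime=3600, findtime=600):
        self.ignore_nets = [ipaddress.ip_network(n) for n in ignoreip.split()]
        self.maxretry, self.bantime, self.findtime = maxretry, bantime, findtime
        self.failures = defaultdict(deque)  # ip -> failure timestamps inside findtime
        self.banned = {}                    # ip -> unix time the ban expires

    def ignored(self, ip):
        """ignoreip: a plain address or CIDR range that is never banned."""
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.ignore_nets)

    def is_banned(self, ip, now):
        """A ban lasts bantime seconds; afterwards Fail2ban removes the rule."""
        expires = self.banned.get(ip)
        if expires is None:
            return False
        if now >= expires:
            del self.banned[ip]
            return False
        return True

    def observe(self, ip, now):
        """Record one failed login; return True if it triggers a new ban."""
        if self.ignored(ip) or self.is_banned(ip, now):
            return False
        window = self.failures[ip]
        window.append(now)
        while window and now - window[0] > self.findtime:  # forget old failures
            window.popleft()
        if len(window) >= self.maxretry:
            self.banned[ip] = now + self.bantime
            window.clear()
            return True
        return False

    def unbanip(self, ip):
        """Model of: fail2ban-client set sshd unbanip <IP>."""
        return self.banned.pop(ip, None) is not None


def parse_line(line, year=2018):
    """Return (unix_time, ip) for a matching failure line, else None."""
    m = FAILREGEX.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts.timestamp(), m.group("ip")


def run_jail(log_text, jail=None):
    """Feed log lines through the jail; return (jail, [(ip, ban_time), ...])."""
    jail = jail if jail is not None else Jail()
    bans = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # 'Accepted password' and other non-matching lines never count
        now, ip = parsed
        if jail.observe(ip, now):
            bans.append((ip, now))
    return jail, bans


if __name__ == "__main__":
    jail, bans = run_jail(SAMPLE_SECURE_LOG)
    for ip, when in bans:
        print(f"banned {ip} at {datetime.fromtimestamp(when):%H:%M:%S}")
    print("seen failing but not banned:", sorted(set(jail.failures) - set(jail.banned)))
```

Two things the run shows that the config alone does not: 198.51.100.7 fails three times but 20 minutes apart, so it never reaches maxretry inside findtime and is never banned, which is why a longer findtime or a lower maxretry is worth considering on an exposed host; and 192.168.0.50 (like the 192.168.0.100 in the unban example) sits inside the ignoreip range, so it is never banned in the first place and unbanip has nothing to remove.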

4. Sources

https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-6

https://blog.mypapit.net/2011/07/how-to-secure-ssh-server-from-brute-force-and-ddos-with-fail2ban-ubuntu.html

https://serverfault.com/questions/382858/in-fail2ban-how-to-change-the-ssh-port-number