I've seen a significant increase in ssh port-knocking on my private servers, so I figured I'd give Fail2ban a go.
This guide focuses on Fail2ban using CentOS 6.
For Ubuntu, use this guide instead: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
That guide is written for Ubuntu 14.04, but it works with little to no modification on the latest Ubuntu 18.04 LTS Bionic Beaver as well.
- I followed this excellent guide over at Digital Ocean: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-6
- I made some changes to /etc/fail2ban/jail.local:
enabled = true
# Default ssh port setting
#port = ssh
# If you use something other than port 22 for ssh, this is where you set it. No, port 2222 is not my real ssh-port!
port = 2222
# Ignore any IPs on the internal network and the localhost
ignoreip = 127.0.0.1 192.168.0.0/24
bantime = 3600
maxretry = 3
- Done, it's that simple!
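
To see what maxretry, bantime and ignoreip from the settings above mean in practice, here is an added example (not from the Digital Ocean guide and not Fail2ban's own code) that replays constructed sshd log lines through a simplified model of the ban decision. It assumes findtime = 600, which the jail.local above does not set; the log lines, host name and addresses are made up.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local above. FINDTIME is not set there; 600 is assumed.
IGNOREIP = ["127.0.0.1", "192.168.0.0/24"]
BANTIME, MAXRETRY, FINDTIME = 3600, 3, 600

IGNORED = [ipaddress.ip_network(n) for n in IGNOREIP]
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample lines in /var/log/secure style (documentation IPs, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:00:00 host sshd[100]: Failed password for root from 198.51.100.9 port 4100 ssh2
Mar  3 10:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4000 ssh2
Mar  3 10:00:02 host sshd[102]: Failed password for bob from 192.168.0.100 port 5000 ssh2
Mar  3 10:00:03 host sshd[103]: Failed password for bob from 192.168.0.100 port 5001 ssh2
Mar  3 10:00:04 host sshd[104]: Failed password for bob from 192.168.0.100 port 5002 ssh2
Mar  3 10:00:05 host sshd[105]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:09 host sshd[106]: Failed password for root from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:12 host sshd[107]: Failed password for root from 203.0.113.7 port 4003 ssh2
Mar  3 10:05:00 host sshd[108]: Failed password for root from 198.51.100.9 port 4101 ssh2
Mar  3 10:11:00 host sshd[110]: Failed password for root from 198.51.100.9 port 4102 ssh2
"""

def simulate(log_text, year=2024):
    """Return (ip, ban_start, ban_end) for each ban these settings would trigger."""
    failures, banned_until, bans = defaultdict(deque), {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # not a failed-password line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNORED):
            continue  # ignoreip: never counted, never banned
        if ip in banned_until and ts < banned_until[ip]:
            continue  # already banned; the firewall would drop this attempt
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((str(ip), f"{ts:%H:%M:%S}", f"{banned_until[ip]:%H:%M:%S}"))
            window.clear()
    return bans
```

Only 203.0.113.7 ends up banned: 192.168.0.100 is covered by ignoreip, and the three failures from 198.51.100.9 are spread over more than findtime seconds.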
3. Unblocking IP-addresses
Sometimes you need to unblock IPs. Use the fail2ban-client for this.
Unblock IP 192.168.0.100 from the ssh-jail.
# fail2ban-client set <JAIL> unbanip <IP>
# fail2ban-client set ssh unbanip 192.168.0.100