1. Intro

I've seen a significant increase in ssh port-knocking on my private servers, so figured I'd give Fail2ban a go.

This guide focuses on Fail2ban using CentOS 6.

For Ubuntu, use this instead;

Ubuntu 14.04 is stated, but works with little to no modifications for the latest Ubuntu 18.04 LTS Bionic Beaver as well.


2. Guide

  1. I followed this excellent guide over at Digital Ocean;

  2. Did some changes to the /etc/fail2ban/jail.local.
    enabled = true
    # Default ssh port setting
    #port = ssh
    # If you use something other than port 22 for ssh, this is where you set it. No, port 2222 is not my real ssh-port!
    port = 2222

    # Ignore any IP's on the internal network and the localhost
    ignoreip =
    bantime = 3600
    maxretry = 3
  3. Done, it's that simple!



3. Unblocking IP-addresses

Sometimes you need to unblock IP's. Use the fail2ban-client for this.

Unblock IP from the ssh-jail.

# fail2ban-client set <JAIL> unbanip <IP>

For example:

#  fail2ban-client set ssh unbanip





4. Sources