Setting Up Fail2Ban on Ubuntu to Monitor SSH

May 11, 2014

Why use Fail2Ban? Because numerous unknown individuals may be attempting to connect to your server or workstation through SSH.

Sounds good, how do I set it up?

1. Start by installing Fail2Ban:

sudo apt-get install fail2ban

2. We will want to make a backup copy of the original config file before we start editing:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.orig

3. Now let’s edit the configuration file. Open it in your favorite text editor (I chose nano):

sudo nano /etc/fail2ban/jail.conf

4. I like to add my personal IP address to the ignoreip setting to prevent myself from getting locked out. This can be done by editing the ignoreip line within the config file. Separate the whitelisted domains or IP addresses with spaces.

ignoreip = 127.0.0.1/8 mydomain.com

5. I like to decrease the maxretry value to 2. This will give me two attempts for connecting from an IP or domain other than my own. Any more than two, I feel, is either me having a really bad day or a hack attempt. Edit the line that states maxretry = 3 to the following:

maxretry = 2

SSH monitoring is enabled by default, so there shouldn’t be much else to do for basic setup at this point. If you want to change the logging level or the location of the log file you can edit the fail2ban.conf file.

6. Now just restart Fail2Ban and you should be all set:

sudo service fail2ban restart


Disabling SSH Login for the Root User

May 10, 2014

Log in to your server as a user with sudo capabilities.

Once logged in, you will want to edit the /etc/ssh/sshd_config file with your favorite editor to prevent root access (I chose nano):

sudo nano /etc/ssh/sshd_config

Look for the line that contains PermitRootLogin yes and change it to the following:

PermitRootLogin no

Save your changes and then restart SSH:

sudo /etc/init.d/ssh restart
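
To confirm that the PermitRootLogin change here and the Fail2Ban settings from the previous post are the values actually in effect, the following added example (not part of the original posts) reads them back from the files. It relies on two behaviours: sshd uses the first value it reads for a keyword, and a Fail2Ban jail section that sets its own maxretry overrides [DEFAULT]. The function names and the sample file contents are constructed for illustration.

```shell
# Added example, not from the original posts. Function names are made up here.
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive; lines after the first "Match" are conditional, so stop there.
effective_sshd_option() {   # usage: effective_sshd_option FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want); FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }                  # drop leading indentation
        $0 == "" || /^#/ { next }               # skip blank lines and comments
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == want { print $2; exit }  # first occurrence wins
    ' "$1"
}

# A jail section that sets KEY itself overrides [DEFAULT], so editing only
# [DEFAULT] does not change that jail.
jail_effective() {          # usage: jail_effective FILE JAIL KEY
    awk -v jail="[$2]" -v want="$3" '
        /^[ \t]*[#;]/ { next }                  # skip comments
        /^\[/ { section = $1; next }            # remember the current section
        {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1])
            if (kv[1] != want) next
            sub(/^[^=]*=[ \t]*/, "")            # keep only the value
            if (section == "[DEFAULT]") dflt = $0
            else if (section == jail) own = $0
        }
        END { print (own != "" ? own : dflt) }
    ' "$1"
}

# Constructed sample files, not copied from a real system.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
EOF
cat > "$demo/jail.conf" <<'EOF'
[DEFAULT]
ignoreip = 127.0.0.1/8 mydomain.com
maxretry = 2
[ssh]
enabled  = true
maxretry = 6
EOF
echo "PermitRootLogin: $(effective_sshd_option "$demo/sshd_config" PermitRootLogin)"
echo "ssh maxretry:    $(jail_effective "$demo/jail.conf" ssh maxretry)"
echo "ssh ignoreip:    $(jail_effective "$demo/jail.conf" ssh ignoreip)"
```

On a live system, point the functions at /etc/ssh/sshd_config and /etc/fail2ban/jail.conf. Running sudo sshd -t before the restart checks the file for syntax errors.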


Add New Sudo User on Ubuntu Using Command Line

May 10, 2014

First, create the user from your root account (this command will prompt you for the password and other user-related information):

root@yourdomain.com:~# adduser username

Next type the following command and hit Enter:

visudo

Now look for the section where you see root ALL=(ALL:ALL) ALL. We want to duplicate this line for the new user we just created, so type the following just below that line and save your changes:

username ALL=(ALL:ALL) ALL

Now log in as your new user:

ssh username@your_server_ip_address