Setting Up Fail2Ban on Ubuntu to Monitor SSH

May 11, 2014

Why use Fail2Ban? Because numerous unknown individuals may be attempting to connect to your server or workstation through SSH.

Sounds good, how do I set it up?

1. Start by installing Fail2Ban:

sudo apt-get install fail2ban

2. We will want to make a backup copy of the original config file before we start editing:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.orig

3. Now let’s edit the configuration file. Open it in your favorite text editor. (I chose nano):

sudo nano /etc/fail2ban/jail.conf

4. I like to add my personal ip address to the ignoreip section to prevent myself from getting locked out. This can be done by editing the ignoreip line within the config file. Space separate the whitelisted domains or ip addresses.

ignoreip =

5. I like to decrease the maxretry value to 2. This will give me two attempts for connecting from an ip or domain other than my own. Any more than two I feel is me having a really bad day or a hack attempt. Edit the line that states maxretry = 3 to the following:

maxretry = 2

SSH monitoring is enabled by default, so there shouldn’t be much else to do for basic setup at this point. If you want to change the logging level or the location of the log file you can edit the fail2ban.conf file.

6. Now just restart Fail2Ban and you should be all set:

sudo service fail2ban restart


Disabling SSH Login for the Root User

May 10, 2014

Login to your server as a user with sudo capabilities.

Once logged it, you will want to edit the /etc/ssh/sshd_config file with your favorite editor to prevent root access (I chose nano):

sudo nano /etc/ssh/sshd_config

Look for the line that contains PermitRootLogin yes and change it to the following:

PermitRootLogin no

Save your changes and then restart SSH:

/etc/init.d/ssh restart