Today I will be showing you how to enable Fail2Ban. One of the features of Fail2Ban is that anyone who fails to log in over SSH 5 times is automatically blocked for 10 minutes by default, although you can change this.
This will pretty much put an end to people being able to brute-force your root password through SSH. You really should set up keys for SSH authentication, which is something that I will be explaining in another guide.
Installing Fail2Ban On Your Server
Let’s get started by installing Fail2Ban. You can actually install it with just one command and the default settings should do the trick.
Ubuntu / Debian
sudo apt-get install fail2ban && service fail2ban status
Fedora / CentOS / Red Hat
sudo yum install epel-release
sudo yum install fail2ban && service fail2ban status
Checking For Failed SSH Attempts
If you want to see how many failed ssh attempts there have been then you can run the following command.
grep sshd.\*Failed /var/log/auth.log
You should see a response something like this (the list is extremely long for this droplet so I will shorten it).
root [10:04:14] ~ > grep sshd.\*Failed /var/log/auth.log | tail
June 30 09:49:46 chankeypathak sshd[17228]: Failed password for invalid user admin from 111.198.24.196 port 49454 ssh2
June 30 09:50:41 chankeypathak sshd[17248]: Failed password for root from 116.31.116.28 port 62627 ssh2
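To turn that raw grep output into a per-address summary, here is an added example (not part of the original guide and not Fail2Ban's own code) that counts failed password attempts per source address and lists those at or above a threshold, defaulting to the 5 failures mentioned above. The names failed_ssh_by_ip and sample_log and the sample log lines are constructed for illustration. Unlike Fail2Ban, it counts over the whole file rather than within a time window.

```sh
#!/bin/sh
# failed_ssh_by_ip [LOGFILE] [THRESHOLD]  (hypothetical helper, not part of Fail2Ban)
# Prints "COUNT ADDRESS" for every source address with at least THRESHOLD
# failed password attempts, highest count first.
# LOGFILE defaults to "-" (stdin); THRESHOLD defaults to 5.
failed_ssh_by_ip() {
    log=${1:--}
    threshold=${2:-5}
    awk -v min="$threshold" '
        # sshd ends these lines with: from <address> port <port> ssh2
        # Take the address by position from the END of the line, because the
        # user name is supplied by the client and may contain spaces or "from".
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            count[$(NF-3)]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min)
                    print count[ip], ip
        }
    ' "$log" | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    i=1
    while [ "$i" -le 6 ]; do
        echo "Jun 30 09:50:0$i host sshd[100$i]: Failed password for root from 203.0.113.7 port 4000$i ssh2"
        i=$((i + 1))
    done
    echo "Jun 30 09:51:00 host sshd[2001]: Failed password for invalid user admin from 198.51.100.9 port 50000 ssh2"
    # User name that itself contains "from <address>"; the real source is the last one.
    echo "Jun 30 09:52:00 host sshd[2002]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.9 port 50001 ssh2"
}

# On a real system: failed_ssh_by_ip /var/log/auth.log
sample_log | failed_ssh_by_ip -
```

Passing a lower threshold as the second argument, for example 1, lists every address that has failed at least once.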
I hope you enjoyed this quick guide. If you have any comments, feel free to post them below! =)