Fail2Ban prevents brute-force attacks against your SSH port, so a script can’t try a zillion username/password combinations: it gets only 3 tries at a time before being banned.
$ sudo apt-get update
$ sudo apt-get install fail2ban
The initial settings are located at /etc/fail2ban/jail.conf. However, do not edit any of the settings in that file. Instead, put your configuration in /etc/fail2ban/jail.local.
Create a new file, /etc/fail2ban/jail.local:
$ sudo nano /etc/fail2ban/jail.local
And add the following:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
bantime = 900
banaction = iptables-allports
findtime = 900
maxretry = 3
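It’s enabled. It’s watching the SSH port. Ban time is 15 minutes (bantime = 900 seconds). An address gets three tries (maxretry = 3) within a 15-minute window (findtime = 900 seconds).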
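How findtime, maxretry and bantime from the jail above interact, shown as an added example that is not part of the original post and is not Fail2Ban's own code: a simplified Python model run over constructed auth.log lines. The regex, the sample addresses and the simulate_bans helper are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [ssh] jail above
FINDTIME = timedelta(seconds=900)
BANTIME = timedelta(seconds=900)
MAXRETRY = 3
# Simplified pattern (assumption); the real sshd filter matches more message forms
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
# Constructed sample lines using documentation-range addresses
SAMPLE_LOG = """\
Mar  3 10:00:01 pi sshd[811]: Failed password for root from 203.0.113.7 port 4101 ssh2
Mar  3 10:00:05 pi sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Mar  3 10:01:00 pi sshd[820]: Failed password for pi from 198.51.100.9 port 5000 ssh2
Mar  3 10:02:10 pi sshd[830]: Accepted password for pi from 192.0.2.10 port 5100 ssh2
Mar  3 10:03:30 pi sshd[811]: Failed password for root from 203.0.113.7 port 4103 ssh2
Mar  3 10:20:00 pi sshd[840]: Failed password for pi from 198.51.100.9 port 5001 ssh2
Mar  3 10:21:00 pi sshd[841]: Failed password for pi from 198.51.100.9 port 5002 ssh2
"""

def simulate_bans(log_text, year=2024):
    """Return {ip: [(ban_start, ban_end), ...]} for the given auth.log text."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    bans = defaultdict(list)      # ip -> ban intervals issued so far
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if bans[ip] and when < bans[ip][-1][1]:
            continue              # still inside an active ban
        window = recent[ip]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()      # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip].append((when, when + BANTIME))
            window.clear()        # model assumption: counter resets once banned
    return {ip: spans for ip, spans in bans.items() if spans}

if __name__ == "__main__":
    for ip, spans in simulate_bans(SAMPLE_LOG).items():
        for start, end in spans:
            print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

In the sample, 198.51.100.9 also fails three times but never three times inside one 900-second window, so only 203.0.113.7 is banned.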
Restart the service:
$ sudo service fail2ban restart
At this point Fail2Ban is configured. Note that all bans will be cleared upon restarting Fail2Ban or rebooting your server. If you ban yourself, you can simply restart your Raspberry Pi.
You can check your IPTables list with the following command to see all your banned IP Addresses:
$ sudo iptables -L -n --line