Install Fail2ban to protect SSH on your Linux VPS (Ubuntu/Debian)

Fail2ban is a common security tool that monitors authentication logs and temporarily bans IP addresses that show malicious patterns (for example, repeated failed SSH logins).

This article covers a typical setup for Ubuntu/Debian. Commands may differ on other distributions.

1) Install Fail2ban

sudo apt update
sudo apt -y install fail2ban

2) Create a local configuration file

Do not edit jail.conf directly, because package upgrades can overwrite it. Put your settings in jail.local instead:

sudo nano /etc/fail2ban/jail.local

Example configuration for SSH (sshd):

[sshd]
enabled = true
port    = ssh
maxretry = 5
findtime = 10m
bantime  = 1h

Tip: If you connect from a fixed IP address, you can whitelist it with the ignoreip option. Be careful with this setting: any address listed there is never banned.
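How maxretry, findtime, bantime and ignoreip interact, shown as an added example (not Fail2ban's own code and not part of the original article). It replays constructed auth.log lines through a simplified model of the [sshd] jail above; the regex, the function names and the sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Thresholds from the article's [sshd] jail.
MAXRETRY, FINDTIME, BANTIME = 5, timedelta(minutes=10), timedelta(hours=1)

# Simplified stand-in for Fail2ban's sshd filter (assumption, not its real regex).
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def simulate(lines, ignoreip=(), year=2024):
    """Return [(ip, ban_start, ban_end)]; syslog has no year, so one is assumed."""
    ignored = [ip_network(n) for n in ignoreip]
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in lines:               # lines must be in chronological order
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ip_address(m.group(2))
        if any(ip in net for net in ignored):
            continue                 # ignoreip: never counted, never banned
        if ts < banned_until.get(ip, datetime.min):
            continue                 # still banned: the firewall drops these
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()         # failures older than findtime expire
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((str(ip), ts, ts + BANTIME))
            window.clear()
    return bans

def _line(hms, ip, user="root"):     # builds one constructed log line
    return f"Jan 10 {hms} vps sshd[4242]: Failed password for {user} from {ip} port 40022 ssh2"
# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE = sorted(
    [_line(f"10:00:{s:02d}", "198.51.100.7") for s in range(0, 50, 10)]   # 5 failures in 40 s
    + [_line(f"10:{m:02d}:00", "198.51.100.99", "admin") for m in range(0, 60, 12)]  # 12 min apart
    + [_line(f"10:05:{s:02d}", "203.0.113.10") for s in range(6)]         # your own fixed IP
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE, ignoreip=["203.0.113.10"]):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

Failures spaced further apart than findtime never add up to a ban in this model, which is one reason the Notes recommend SSH keys alongside Fail2ban. Calling simulate(SAMPLE) without ignoreip shows 203.0.113.10 being banned as well.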

3) Enable and restart Fail2ban

sudo systemctl enable --now fail2ban
sudo systemctl restart fail2ban

4) Check status

sudo fail2ban-client status
sudo fail2ban-client status sshd

5) Unban an IP (if you accidentally blocked yourself)

sudo fail2ban-client set sshd unbanip 203.0.113.10

Notes

  • Fail2ban bans IPs at the firewall level. Make sure you have another access method (console) before making aggressive rules.
  • Combine Fail2ban with SSH keys and disabled password authentication for best results.

© GARMTECH