How to Protect SSH With Fail2Ban on Debian 13 (Trixie)

Fail2Ban is an intrusion prevention tool that protects your SSH (and other services) by monitoring log files and banning IPs that show signs of malicious activity.

Update the System

apt update && apt upgrade -y

Install Fail2Ban

apt install -y fail2ban

Enable and start the service:

systemctl enable fail2ban
systemctl start fail2ban

Check status:

systemctl status fail2ban

Configure Fail2Ban for SSH

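Fail2Ban’s default configuration protects SSH. For customization, copy the default config to jail.local; settings in jail.local override jail.conf and are not overwritten by package upgrades: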

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the jail.local file:

nano /etc/fail2ban/jail.local

Locate the [sshd] section and ensure it looks like:

[sshd]
enabled = true
port    = ssh
logpath = %(sshd_log)s
maxretry = 5
bantime  = 1h
findtime = 10m

Explanation:

  • maxretry: number of failed login attempts from one IP, within findtime, that triggers a ban (5 here)
  • bantime: how long the IP is banned (1 hour here)
  • findtime: time window in which failures are counted (10 minutes here)

Save and exit.
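
How the three settings interact, as an added example that is not part of the original tutorial and is not Fail2Ban's own code: a simplified model of the ban decision, run over constructed sshd log lines. The regex, the sample addresses and the simulate function are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail on this page.
MAXRETRY, FINDTIME, BANTIME = 5, timedelta(minutes=10), timedelta(hours=1)

# Simplified pattern for one sshd failure message (assumption: the real
# Fail2Ban sshd filter matches many more variants).
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

# Constructed log lines; the addresses are from documentation ranges.
SAMPLE_LOG = """\
2025-01-01T10:00:00 server sshd[101]: Failed password for root from 203.0.113.7 port 40001 ssh2
2025-01-01T10:00:00 server sshd[102]: Failed password for admin from 198.51.100.9 port 50001 ssh2
2025-01-01T10:01:00 server sshd[103]: Failed password for root from 203.0.113.7 port 40002 ssh2
2025-01-01T10:02:00 server sshd[104]: Failed password for root from 203.0.113.7 port 40003 ssh2
2025-01-01T10:03:00 server sshd[105]: Failed password for admin from 198.51.100.9 port 50002 ssh2
2025-01-01T10:03:30 server sshd[106]: Failed password for root from 203.0.113.7 port 40004 ssh2
2025-01-01T10:04:00 server sshd[107]: Failed password for invalid user test from 203.0.113.7 port 40005 ssh2
2025-01-01T10:06:00 server sshd[108]: Failed password for admin from 198.51.100.9 port 50003 ssh2
2025-01-01T10:09:00 server sshd[109]: Failed password for admin from 198.51.100.9 port 50004 ssh2
2025-01-01T10:12:00 server sshd[110]: Failed password for admin from 198.51.100.9 port 50005 ssh2
"""

def simulate(log_text, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return {ip: (banned_at, unbanned_at)} for every IP the model would ban."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans and when < bans[ip][1]:
            continue              # ban still active: ignore this line
        window = recent[ip]
        window.append(when)
        while window and when - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = (when, when + bantime)
            window.clear()        # counter starts over after a ban
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG).items():
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

In this sample both addresses fail five times, but only 203.0.113.7 has five failures inside one 10-minute window, so only it is banned. Slow attempts spaced wider than findtime / maxretry stay under the threshold, which is the trade-off to keep in mind when tuning these values.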

Restart Fail2Ban

systemctl restart fail2ban

Check Fail2Ban SSH Status

Check if the SSH jail is active:

fail2ban-client status sshd

You’ll see output like:

root@server:~# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     1
|  `- Journal matches:  _SYSTEMD_UNIT=ssh.service + _COMM=sshd
`- Actions
   |- Currently banned: 3
   |- Total banned:     3
   `- Banned IP list:   196.251.86.239 87.107.144.108 95.85.47.10

Conclusion

Your SSH service is now protected with Fail2Ban on Debian 13.
This helps block brute-force login attempts and adds an extra layer of security to your server.

