How To Protect SSH With Fail2Ban on Ubuntu 25.04
What is Fail2Ban?
Fail2Ban is an intrusion prevention tool written in Python.
It monitors logs from services like SSH, ProFTP, and Apache and uses iptables rules to ban IPs showing malicious signs, like multiple failed login attempts.
Installing the Fail2Ban Package
Update the System
Update and upgrade your system packages:
apt update -y
apt upgrade -y
Install Fail2Ban
Install Fail2Ban using:
apt install fail2ban -y
Enable the Fail2Ban service to start at boot:
systemctl enable fail2ban
Check the status:
systemctl status fail2ban
Output:
root@server:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset:>
Active: active (running) since Sat 2025-04-26 17:12:49 UTC; 28s ago
Invocation: 7ec603f5fc1a4866ba66bb51c3174d6c
Docs: man:fail2ban(1)
Main PID: 4086 (fail2ban-server)
Tasks: 5 (limit: 3985)
Memory: 28.4M (peak: 32.3M)
CPU: 1.416s
CGroup: /system.slice/fail2ban.service
└─4086 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Apr 26 17:12:49 server systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 26 17:12:51 server fail2ban-server[4086]: Server ready
Configuring Fail2Ban
Create a Local Configuration File
Instead of editing the default jail.conf, copy it to create a jail.local file:
cp /etc/fail2ban/jail.{conf,local}
Open the jail.local file for editing:
nano /etc/fail2ban/jail.local
Whitelisting IP Addresses
Find the ignoreip line and uncomment it:
#ignoreip = 127.0.0.1/8 ::1
Modify it to whitelist your IPs:
ignoreip = 192.168.0.100 192.168.1.0/24
You can add multiple IP addresses separated by a space.
Ban Settings
Adjust the following parameters using nano /etc/fail2ban/jail.local:
bantime = 10m
findtime = 10m
maxretry = 5
- bantime: Duration an IP is banned (e.g., 10 minutes).
- findtime: Time window to detect repeated failures.
- maxretry: Number of failed attempts allowed.
Set bantime to a negative value for a permanent ban.
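An added example (not from the original tutorial, and not Fail2Ban's own code) that models how findtime, maxretry and ignoreip interact, run over constructed log lines. It assumes a ban is triggered once maxretry failures fall inside findtime and ignores bantime expiry; the log pattern, the function names and the sample addresses are made up for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = timedelta(minutes=10)  # findtime = 10m
MAXRETRY = 5                      # maxretry = 5
IGNOREIP = [ipaddress.ip_network(n) for n in ("192.168.0.100", "192.168.1.0/24")]

# Simplified, constructed pattern; Fail2Ban's own sshd filter covers many more messages.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")


def sample_log():
    """Constructed log lines using documentation-range addresses, not real data."""
    t0 = datetime(2025, 4, 26, 17, 20)
    events = [(t0 + timedelta(seconds=30 * i), "203.0.113.7") for i in range(5)]    # burst
    events += [(t0 + timedelta(minutes=3 * i), "198.51.100.9") for i in range(5)]   # slow
    events += [(t0 + timedelta(seconds=10 * i), "192.168.1.50") for i in range(6)]  # whitelisted
    return [f"{ts.isoformat()} server sshd[5001]: Failed password for invalid user "
            f"admin from {ip} port 40022 ssh2" for ts, ip in sorted(events)]


def find_bans(lines, findtime=FINDTIME, maxretry=MAXRETRY, ignoreip=IGNOREIP):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the findtime window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans or any(ipaddress.ip_address(ip) in net for net in ignoreip):
            continue  # already banned, or whitelisted via ignoreip
        window = recent[ip]
        window.append(when)
        while when - window[0] >= findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = when
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(sample_log()).items():
        print(f"ban {ip} at {when.isoformat()}")
```

With the tutorial's values only the burst source is banned; the source that spaces its attempts three minutes apart never has five failures inside one 10-minute window, which is the trade-off to weigh when choosing findtime and maxretry.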
Get Email Notifications (Optional)
Note: You must have an SMTP server configured to send emails.
Find and enable the action_mwl section:
action_mwl = %(action_)s
             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
Configure the sender and receiver addresses:
destemail = admin@xyz.com
sender = root@xyz.com
Using the Fail2Ban Client
Check Available Commands
View Fail2Ban client options:
fail2ban-client -h
Check Jail Status
Check the status of the SSH jail:
fail2ban-client status sshd
Unban an IP address:
fail2ban-client set sshd unbanip "IP_ADDRESS_HERE"
Ban an IP
Manually ban an IP:
fail2ban-client set sshd banip "IP_ADDRESS_HERE"
✅ Now your Ubuntu 25.04 server is better protected against SSH brute-force attacks using Fail2Ban!