How To Protect SSH With Fail2Ban On Ubuntu 26 04

How To Protect SSH With Fail2Ban on Ubuntu 26.04

What is Fail2Ban?

Fail2Ban is an intrusion prevention tool written in Python.
It monitors logs from services like SSH, ProFTP, and Apache and uses iptables rules to ban IPs showing malicious signs, like multiple failed login attempts.

Installing the Fail2Ban Package

Update the System

Update and upgrade your system packages:

apt update -y
apt upgrade -y

Install Fail2Ban

Install Fail2Ban using:

apt install fail2ban -y

Enable the Fail2Ban service to start at boot:

systemctl enable fail2ban

To start fail2ban, run the following command.

systemctl start fail2ban

Check the status:

systemctl status fail2ban

Output:

root@server:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset:>
     Active: active (running) since Mon 2026-04-27 18:23:32 UTC; 19s ago
 Invocation: eee272576969491abba0a38ad1b7e355
       Docs: man:fail2ban(1)
   Main PID: 7362 (fail2ban-server)
      Tasks: 5 (limit: 8826)
     Memory: 17.4M (peak: 19.3M)
        CPU: 623ms
     CGroup: /system.slice/fail2ban.service
             └─7362 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Apr 27 18:23:32 server systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 27 18:23:32 server fail2ban-server[7362]: Server ready

Configuring Fail2Ban

Create a Local Configuration File

Instead of editing the default jail.conf, copy it to create a jail.local file:

cp /etc/fail2ban/jail.{conf,local}

Open the jail.local file for editing:

nano /etc/fail2ban/jail.local

Whitelisting IP Addresses

Find the ignoreip line and uncomment it:

#ignoreip = 127.0.0.1/8 ::1

Modify it to whitelist your IPs:

ignoreip = 192.168.0.100 192.168.1.0/24

You can add multiple IP addresses separated by a space.

Ban Settings

Adjust the following parameters using nano:

bantime  = 10m
findtime = 10m
maxretry = 5

bantime: Duration an IP is banned (e.g., 10 minutes)
findtime: Time window to detect repeated failures
maxretry: Number of failed attempts allowed

Set bantime to a negative value for a permanent ban.

Get Email Notifications (Optional)

Note: You must have an SMTP server configured to send emails.

Find and enable the action_mwl section:

action_mwl = %(action_)s
             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]

Configure the sender and receiver addresses:

destemail = admin@xyz.com
sender = root@xyz.com

Using the Fail2Ban Client

Check Available Commands

View Fail2Ban client options:

fail2ban-client -h

Check Jail Status

Check the status of the SSH jail:

fail2ban-client status sshd

Unban an IP address:

fail2ban-client set sshd unbanip "IP_ADDRESS_HERE"

Ban an IP

Manually ban an IP:

fail2ban-client set sshd banip "IP_ADDRESS_HERE"

✅ Now your Ubuntu 26.04 server is better protected against SSH brute-force attacks using Fail2Ban!

In this guide,

CrownCloud

Get a SSD powered KVM VPS at $4.5/month!

1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month

Use Code:

WELCOME

for 10% off!

Get Started Now!

CrownCloud - Get a SSD powered KVM VPS at $4.5/month!

Use the code `WELCOME` for 10% off!

1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month

Available Locations: LAX | MIA | ATL | FRA | AMS

Get Started Now!