Brute-force SSH protection

To protect your server from brute-force SSH connection attempts, you can install fail2ban.

This program will monitor incoming connections and block IP addresses that try to log in with faulty credentials repeatedly.

sudo apt-get install -y fail2ban

sudo vim /etc/fail2ban/jail.d/ssh.local
/etc/fail2ban/jail.d/ssh.local
[sshd]
enabled = true
banaction = ufw
port = 22
filter = sshd
logpath = %(sshd_log)s
maxretry = 5

If you're using a non-standard SSH port that isn't 22 then you will need to change that in the cofig file above.

You can change the maxretry setting, which is the number of attempts it will allow before locking the offending address out.

Save the file and restart the service.

sudo systemctl restart fail2ban

Congratulations! You've successfully improved the security of your node 🥳

Last updated