Tag Archives: brute force

Fail2ban notes

General notes about Fail2ban

How to “SSH” brute force

If you want to make safer your remote server, it is good practise to use a good combination of sshd setup and fail2ban.

Firstly, you should setup your server to allow only key auth, and no passwords. This will drastically reduce the risk. This means anyway that you need to keep your ssh key safe and you won’t be able to access your server unless you have this key. Most of the time is something possible 🙂

For this reason, I’m explaining here how I configured my server.

SSHD

/etc/ssh/sshd_config

Have these settings in the config file (NOTE: the verbosity is for Fail2ban)

(restart sshd)

/etc/fail2ban/jail.local

/etc/fail2ban/filter.d/sshd.conf

Add a custom section after the ddos one:

This line matches whoever tries to connect without a proper ssh key.

Add this line to include custom to the sshd-aggressive setup: