Hardening Your Server Security
Fail2Ban monitors your server’s login attempts and automatically blocks IP addresses that show malicious behavior. This is a critical step in preventing brute-force attacks on your SSH port.
| Reading Time | Difficulty | Last Updated |
|---|
| 10 minutes | Intermediate | January 2026 |
Quick Navigation
| Section | What You’ll Learn |
|---|
| 1. Installation | Getting the software on your server |
| 2. Enable Service | Ensuring it runs on boot |
| 3. Configuration | Setting up rules for SSH |
| 4. Management | Checking and unblocking IPs |
Step 1: Install Fail2Ban
Run these commands to update your package list and install the service:
sudo apt update
sudo apt install fail2ban -y
Step 2: Start and Enable Fail2Ban
Ensure the service starts automatically whenever your server restarts:
sudo systemctl enable --now fail2ban
Create a local configuration file (jail.local) to define your security rules. We use a .local file because the default .conf file can be overwritten during updates.
sudo nano /etc/fail2ban/jail.local
[DEFAULT]
# Ban hosts for one hour:
bantime = 1h
findtime = 10m
maxretry = 5
banaction = iptables-multiport
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
CTRL + X, then Y, then Enter.
Step 4: Restart and Verify
Apply your changes by restarting the service and checking its status:
sudo systemctl restart fail2ban
sudo fail2ban-client status sshd
Managing Blocked IPs
Checking Blocked Addresses
sudo fail2ban-client status sshd
Unblocking an IP
If you accidentally lock yourself or a legitimate user out, run:
sudo fail2ban-client set sshd unbanip IP_ADDRESS
Locked Out?
If you lose SSH access entirely, use the VNC Access via your FREAKHOSTING VPS Control Panel to log in and unban your IP.
View VNC GuideSupport Channels
If you need assistance or have any questions, please contact our support team:First Month Discount
Use code KB20 at checkout to get 20% off your first month of hosting!
Last Updated: January 2026 | Security Note: Always use SSH keys for maximum protection.