> ## Documentation Index
> Fetch the complete documentation index at: https://help.freakhosting.com/llms.txt
> Use this file to discover all available pages before exploring further.
# How to Set Up Fail2Ban for SSH on Ubuntu
> Hardened your Ubuntu server against brute-force attacks. Learn how to install and configure Fail2Ban to automatically block malicious IP addresses.
## Hardening Your Server Security
Protecting your Virtual Private Server (VPS) from unauthorized access is a fundamental responsibility for every system administrator. Brute-force attacks, where malicious bots attempt to guess your SSH password thousands of times per minute, are a constant threat on the open internet. **Fail2Ban** is a strong security application that mitigates this risk by monitoring your server logs for failed login attempts and automatically updating your firewall to block the offending IP addresses. This guide will walk you through the professional configuration of Fail2Ban on an Ubuntu environment.
Intermediate
10 Minutes
***
## Step 1: Installation & Initialization
Follow these commands to deploy the service from the official Ubuntu repositories.
Ensure your server is using the latest metadata:
```bash theme={null}
sudo apt update
```
Deploy the Fail2Ban package:
```bash theme={null}
sudo apt install fail2ban -y
```
Instruct the system to automatically start Fail2Ban during the boot sequence:
```bash theme={null}
sudo systemctl enable --now fail2ban
```
***
## Step 2: Strategic Configuration
To maintain a secure and update-resistant environment, we recommend creating a localized configuration file. This prevents your custom rules from being overwritten during future software updates.
Open a new configuration file with administrative privileges:
```bash theme={null}
sudo nano /etc/fail2ban/jail.local
```
Copy and paste the following baseline configuration into the editor:
```ini theme={null}
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
banaction = iptables-multiport
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
```
Press `CTRL + X`, then `Y`, then `Enter` to save. Restart the service to initialize the new ruleset:
```bash theme={null}
sudo systemctl restart fail2ban
```
***
## Step 3: Administrative Management
Once active, you can use the `fail2ban-client` utility to monitor and manage your security status.
View a summary of blocked addresses and active jails:
```bash theme={null}
sudo fail2ban-client status sshd
```
If a legitimate user is accidentally restricted, use the following command to restore their access:
```bash theme={null}
sudo fail2ban-client set sshd unbanip [IP_ADDRESS]
```
### Accidental Self-Lockout
If you inadvertently block your own IP address and lose SSH access, do not panic. Log in to the [VPS Control Panel](https://cloud.freakhosting.com) and use the **[VNC Console](/portals/vps-panel/how-to-enable-and-use-vnc-console-access)** to access your server out-of-band and execute the unban command.
***
### Need Extra Help?
If you encounter any issues, our support team is ready to assist:
* **Live Chat:** Quick assistance via our website.
* **Support Ticket:** [Open a Ticket](https://freakhosting.com/clientarea/submitticket.php)
* **Discord:** [Join our Community](https://discord.gg/freakhosting)
* **Email:** [support@freakhosting.com](mailto:support@freakhosting.com)
### Save on Your Hosting
Ready to get a new server? Use code **KB20** at checkout for **20% off** your first month!
***
**Last Updated:** February 2026 | **Security Note:** Always use SSH keys for maximum protection.