Ubuntu 22.04, the latest long-term support release, is an excellent choice for hosting servers due to its stability and reliability. But even the most secure operating system can be vulnerable if you don’t take the necessary precautions. One of the essential steps in securing your server is safeguarding your SSH service. In this article, we’ll show you the configuration how to protect and Secure SSH with Fail2Ban on Ubuntu 22.04.
Table of Contents
What is SSH and Why Secure It?
Basically SSH (Secure Shell) is a protocol that allows you to access a remote server securely. It’s a fundamental tool for server administration, file transfers, and more. However, SSH can be a prime target for malicious actors trying to gain unauthorized access to your server.
By securing SSH, you ensure that only authorized users can connect to your server, reducing the risk of intrusion and potential data breaches. Fail2Ban is a robust and user-friendly tool that helps achieve this.
Prerequisites
Before we dive into how to protect and Secure SSH with Fail2Ban on Ubuntu 22.04, make sure you have the following:
- An active Ubuntu 22.04 server and a regular user with sudo privileges. If you’re unsure about how to create a user with these privileges, feel free to check out our guide on Initial Setup Ubuntu Server 22.04: Secure and Efficient.
- If you’d like to test the ban functionality intentionally, you may also want to have a second server ready to connect to your primary server.
Installing Fail2Ban
Before we dive into protecting SSH, we need to install Fail2Ban. Open your terminal and run the following command:
$ sudo apt update
$ sudo apt install fail2ban
This will install Fail2Ban on your Ubuntu 22.04 server. After installation, Fail2ban will automatically establish a background service. Nonetheless, it remains deactivated by default due to the potential undesirable consequences of some default settings. You can confirm this status by employing the ‘systemctl’ following command.
$ systemctl status fail2ban.service
Output
○ fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; disabled; vendor preset: enabled
Active: inactive (dead)
Docs: man:fail2ban(1)
You have the option to enable Fail2ban immediately; however, it’s a good idea to first explore some of its features.
Once the installation is complete, we can proceed with the configuration.
Secure SSH with Fail2Ban
SSH Configuration
Open the SSH configuration file by running:
$ sudo nano /etc/ssh/sshd_config
Find the following line and set the value to ‘yes’:
PasswordAuthentication no
This ensures that password-based authentication is disabled, making your server more secure.
Fail2Ban Configuration
Now, let’s configure Fail2Ban to monitor SSH. Create a custom configuration file for SSH by running:
$ sudo nano /etc/fail2ban/jail.d/ssh.local
Add the following content to the file:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 1800
ignoreip = 127.0.0.1/8
This configuration establishes a Fail2ban jail titled “[sshd]” designed to safeguard the SSH (Secure Shell) service. Let’s dissect each element:
- enabled = true: This line affirms that the “[sshd]” jail is in an active state, signifying that it actively monitors and guards against unauthorized access attempts.
- port = ssh: This indicates the specific port number, which is typically 22, where the SSH service operates. Fail2ban diligently watches this port for any suspicious activities.
- filter = sshd: This points to the name of the filter that needs to be applied to supervise the SSH service. The filter rules articulate what events to scrutinize and how to identify potentially malicious behaviors.
- logpath = /var/log/auth.log: This pinpoints the location of the log file, typically found at /var/log/auth.log, where authentication-related SSH events are documented. Fail2ban diligently scans this log file for signs of unauthorized access attempts.
- maxretry = 3: This establishes the threshold for the maximum number of allowable failed login attempts before Fail2ban takes responsive action. If there are three or more consecutive failed attempts originating from the same IP address, Fail2ban will intervene.
- bantime = 1800: This dictates the duration, measured in seconds, for which an IP address remains banned once it surpasses the maximum threshold for failed attempts. In this case, the ban endures for 1800 seconds, which equates to 30 minutes.
- ignoreip = 127.0.0.1/8: Any attempts originating from these listed IP addresses will not be counted towards the maximum retry count. Notably, localhost (127.0.0.1) is included in this list. This configuration is crucial as it prevents you from accidentally locking yourself out of your own Fail2ban server.
Restart Services
Now, restart both the SSH and Fail2Ban services:
$ sudo systemctl restart ssh
$ sudo systemctl restart fail2ban
Fail2Ban is now configured to protect your SSH service. If an IP address exceeds the maximum login attempts, it will be temporarily banned.
Checking Fail2Ban Status
To check the status of Fail2Ban and monitor banned IP addresses, run the following command:
$ sudo fail2ban-client status sshd
You will see a list of banned IP addresses and their corresponding jails.
Customizing Fail2Ban Settings
If you wish to customize configuration Fail2Ban’s settings, you can edit the /etc/fail2ban/jail.local
file. This file allows you to change parameters like the number of allowed retries and the ban duration.
Conclusion
By following this straightforward guide, you’ve learned how to secure SSH with Fail2Ban on Ubuntu 22.04. Your server is now better protected against unauthorized access, reducing the risk of security breaches.
First thing to remember, server security is an ongoing process. Regularly updating your server and monitoring your logs is essential to maintaining a secure environment. Keep your Ubuntu 22.04 server and SSH access safe with the power of Fail2Ban.
To Sum It Up
- Ubuntu 22.04 is a stable choice for hosting servers.
- SSH is a secure protocol for remote server access.
- Fail2Ban is an essential tool for protecting SSH from unauthorized access.
- The installation and configuration of Fail2Ban are straightforward.
- Regularly monitor your server to maintain a secure environment.
Also Read Our Other Guides :
- How To Secure SSH with Fail2Ban on Rocky Linux 9
- How To Secure SSH with Fail2Ban on Debian 11
- How To Secure SSH with Fail2Ban on CentOS 7
Finally, now you have learned how to protect and Secure SSH with Fail2Ban, bolster your server’s security, and keep your data safe on Ubuntu 22.04 with Fail2Ban.