How to Install and Use Fail2ban (Stop SSH Brute-Force)

6 min read Updated 15 June 2026 ESAGAMES Team

If your SSH logs are full of failed login attempts, fail2ban is the answer. It watches your logs and automatically bans any IP that fails too many times — turning a constant stream of attacks into background noise. Here is how to set it up.

What it does

Fail2ban scans log files for repeated failures (such as bad SSH logins) and adds a temporary firewall ban for the offending IP. It is the standard first line against brute-force bots.

Step 1: install it

On Debian/Ubuntu and RHEL-family systems it is one package:

# Debian / Ubuntu
sudo apt install fail2ban

# RHEL / AlmaLinux / Rocky (fail2ban is packaged in EPEL, so enable that repository first)
sudo dnf install fail2ban

Step 2: create a local config

Never edit the shipped config directly — it gets overwritten on updates. Create a jail.local that overrides it:

sudo nano /etc/fail2ban/jail.local

A sensible SSH jail looks like this:

[sshd]
enabled  = true
port     = ssh
maxretry = 4
findtime = 10m
bantime  = 1h

That bans an IP for one hour after four failed attempts within ten minutes. Raise bantime for repeat offenders.
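
To show how maxretry, findtime and bantime interact, here is an added example (not part of the original article and not fail2ban's own code) that replays this jail's thresholds over a constructed log. The regex, the sample log lines and the simulate function are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds copied from the [sshd] jail in this article.
MAXRETRY, FINDTIME, BANTIME = 4, timedelta(minutes=10), timedelta(hours=1)

# Simplified pattern (assumption); fail2ban's shipped sshd filter covers more message forms.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

# Constructed sample log: documentation-range IPs, ISO timestamps for easy parsing.
SAMPLE_LOG = """\
2026-06-15T10:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
2026-06-15T10:00:05 vps sshd[812]: Failed password for invalid user admin from 198.51.100.23 port 40111 ssh2
2026-06-15T10:00:09 vps sshd[813]: Failed password for root from 203.0.113.7 port 50130 ssh2
2026-06-15T10:00:20 vps sshd[814]: Failed password for root from 203.0.113.7 port 50144 ssh2
2026-06-15T10:00:31 vps sshd[815]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2
2026-06-15T10:00:40 vps sshd[816]: Failed password for root from 203.0.113.7 port 50151 ssh2
2026-06-15T10:00:44 vps sshd[817]: Failed password for root from 203.0.113.7 port 50160 ssh2
2026-06-15T10:04:05 vps sshd[818]: Failed password for invalid user admin from 198.51.100.23 port 40150 ssh2
2026-06-15T10:08:05 vps sshd[819]: Failed password for invalid user admin from 198.51.100.23 port 40190 ssh2
2026-06-15T10:12:05 vps sshd[820]: Failed password for invalid user admin from 198.51.100.23 port 40230 ssh2
"""

def simulate(log_text):
    """Return (ip, banned_at, unbanned_at) for every ban the thresholds would trigger."""
    failures, banned_until, bans = defaultdict(deque), {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # not a failed login (e.g. an accepted key)
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue  # ban still active: the firewall would already drop this
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

The second address also fails four times, but spaced four minutes apart, so the oldest failure has aged out of findtime before the fourth arrives and no ban is recorded.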

Step 3: start and enable it

sudo systemctl enable --now fail2ban

Step 4: check status and bans

# overall status
sudo fail2ban-client status

# the SSH jail (shows banned IPs)
sudo fail2ban-client status sshd

Unbanning an IP (e.g. yourself)

Banned your own IP by mistake? Unban it:

sudo fail2ban-client set sshd unbanip 1.2.3.4

Fail2ban will not stop a targeted attacker, but it shuts out the endless background noise of credential-guessing bots.

Combine it with key-only SSH and a firewall for proper protection — all in the VPS hardening checklist.

Frequently asked questions

Does fail2ban replace strong SSH security?

No — it complements it. The strongest setup is key-only SSH (so brute-force is impossible anyway) plus fail2ban to keep your logs clean and ban noisy IPs.

Where does fail2ban store its config?

The defaults live in /etc/fail2ban/jail.conf — but put your changes in /etc/fail2ban/jail.local, which overrides the defaults and survives package updates.

How do I unban an IP?

Run: sudo fail2ban-client set <jail> unbanip <ip>, for example "sudo fail2ban-client set sshd unbanip 1.2.3.4".
