Disclaimer: This post has been translated to English using a machine translation model. Please, let me know if you find any mistakes.
With Fail2ban we can block IPs that try to connect to one of our devices. Here I will explain how to configure the blocking when they attempt to connect via SSH.
Installation
Installation is simple; we just run:
sudo apt update
sudo apt install fail2ban
Configuration file
Once installed, we edit the configuration file with:
sudo nano /etc/fail2ban/jail.conf
We go down to the part where it says [sshd]; in my case I left it like this:
[sshd]
bantime = 172800
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
With this configuration, if someone makes 3 failed connection attempts, Fail2ban bans that IP for 48 hours (172800 seconds).
Check the logs
We can check through the logs if any IP has been blocked with
cat /var/log/fail2ban.log
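Reading the raw log gets tedious once it grows, so here is an added example (not part of the original post) that reduces the Ban and Unban lines of one jail to a per-IP summary. The function names f2b_summary and sample_log are hypothetical, and the log lines are constructed samples using documentation IP ranges; the Unban timestamps sit 48 hours after the Ban, matching the bantime above.

```shell
#!/bin/sh
# Added example: summarise Ban/Unban events per IP for one Fail2ban jail.

# Constructed sample lines in the layout fail2ban.log uses.
sample_log() {
cat <<'EOF'
2024-03-01 10:15:15,902 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.7 - 2024-03-01 10:15:15
2024-03-01 10:15:16,221 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-03-01 11:02:44,018 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.23
2024-03-03 10:15:16,874 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-03-03 11:02:44,530 fail2ban.actions        [812]: NOTICE  [sshd] Unban 198.51.100.23
2024-03-03 12:40:10,377 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.23
2024-03-03 12:41:00,001 fail2ban.actions        [812]: NOTICE  [recidive] Ban 192.0.2.99
EOF
}

# Usage: f2b_summary JAIL < logfile
# Prints "IP bans=N state" for every IP banned in JAIL, sorted by IP.
# state is "banned" if the last event seen for the IP was a Ban,
# "released" if it was an Unban.
f2b_summary() {
    awk -v jail="[$1]" '
        # Action lines end in: [jail] Ban|Unban IP
        # "Found" lines end in a timestamp, so they never match here.
        NF >= 3 && $(NF-2) == jail && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            ip = $NF
            if ($(NF-1) == "Ban") { bans[ip]++; active[ip] = 1 }
            else                  { active[ip] = 0 }
        }
        END {
            for (ip in bans)
                printf "%s bans=%d %s\n", ip, bans[ip],
                       (active[ip] ? "banned" : "released")
        }
    ' | sort
}

# Demo on the constructed sample.
sample_log | f2b_summary sshd
```

On a real system, run it as `sudo sh -c '. ./f2b_summary.sh; f2b_summary sshd < /var/log/fail2ban.log'` (the script file name is an assumption). Because the log may have been rotated, `sudo fail2ban-client status sshd` remains the authoritative source for the list of currently banned IPs.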