Fail2ban is a service that can greatly “cool the ardor” of bots continuously trying to guess a password for your server.
Install fail2ban packages from the epel repository
If the epel package is not installed, enter the command
user@localhost:~$ sudo yum -y install epel-release
After that, install fail2ban itself
user@localhost:~$ sudo yum -y install fail2ban
Activate sshd protection in fail2ban settings
Open the file /etc/fail2ban/jail.conf for editing. Near the top of the file, find the lines
# [sshd]
# enabled = true
Then delete the leading ‘#’ characters. The result should be
[sshd]
enabled = true
Restart the service
user@localhost:~$ sudo systemctl restart fail2ban
Check the general status
user@localhost:~$ sudo fail2ban-client status
You should see something like
Status
|- Number of jail: 1
`- Jail list: sshd
user@localhost:~$ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 15
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
  |- Currently banned: 0
  |- Total banned: 0
  `- Banned IP list:
Do not test how the blocking works from the same IP address from which you are connected via SSH to configure fail2ban: you may lose the connection for a long time.
We try entering the wrong password 4 times on our host from any IP (for example, from 11.12.13.14). If everything works correctly, after 5-6 unsuccessful logins the password will no longer be requested and the connection will be refused
user@localhost:~$ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 20
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
  |- Currently banned: 1
  |- Total banned: 1
  `- Banned IP list: 11.12.13.14
If you want to remove any IP address from the block list, you can enter the command
user@localhost:~$ sudo fail2ban-client set sshd unbanip <IP>
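The lockout warning and the ban check above can be scripted. This is an added example, not part of the original article: it writes the sshd jail to /etc/fail2ban/jail.local (which fail2ban reads after jail.conf) with the admin's own address exempted via ignoreip, and checks the status output for a banned address. The function names, the thresholds and the sample status text are assumptions made for the example.

```shell
#!/bin/sh
# Added example; thresholds are illustrative values, not from the article.

# Print an sshd jail override that also exempts the admin's own address,
# so testing bans cannot cut off the session used to configure fail2ban.
# The check is a character whitelist only, not full address validation.
render_sshd_jail() {
    admin_ip=$1
    case $admin_ip in
        ''|*[!0-9a-fA-F.:]*)
            echo "invalid address: $admin_ip" >&2
            return 1 ;;
    esac
    cat <<EOF
[sshd]
enabled = true
ignoreip = 127.0.0.1/8 ::1 $admin_ip
maxretry = 5
findtime = 600
bantime = 600
EOF
}

# Read `fail2ban-client status sshd` output on stdin.
# Exit status 0 if the address in $1 is on the "Banned IP list" line.
ip_is_banned() {
    awk -v ip="$1" '
        /Banned IP list:/ {
            sub(/.*Banned IP list:/, "")
            for (i = 1; i <= NF; i++) if ($i == ip) found = 1
        }
        END { exit !found }'
}

# Constructed sample, shaped like the status output shown in the article.
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| `- Total failed: 20
`- Actions
  |- Currently banned: 1
  `- Banned IP list: 11.12.13.14'

# On a real host, from the SSH session (SSH_CONNECTION is set by sshd):
#   render_sshd_jail "${SSH_CONNECTION%% *}" | sudo tee /etc/fail2ban/jail.local
#   sudo systemctl restart fail2ban
#   sudo fail2ban-client status sshd | ip_is_banned 11.12.13.14 && echo banned
```

Settings in jail.local survive package updates that replace jail.conf, and the address comparison is an exact field match, so 11.12.13.1 does not match 11.12.13.14.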