Setting up fail2ban on CentOS 7 to limit login attempts via SSH

Using (private/public) keys to restrict access is definitely the best way to secure access to a server via SSH.

However, it can be a bit of a pain if multiple people need access and they aren’t that tech savvy.

Another way to secure SSH without having to worry about keys is to limit login attempts and ban a user’s IP address if they make too many tries in a given time period (i.e. if they try a brute-force password attack on you).

One tool for doing this is fail2ban.

Here’s the process:

# If EPEL is not installed, run this to install it:
sudo yum install epel-release

sudo yum install fail2ban

sudo systemctl enable fail2ban

sudo vi /etc/fail2ban/jail.local

# Paste this into the file above:

[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
[sshd]
enabled = true

# restart it
sudo systemctl restart fail2ban

# check it
sudo fail2ban-client status

# Test that I get banned on the web server (try to log in multiple times; 5 fails to ban)

# Check this log to see if I was banned
sudo vi /var/log/fail2ban.log

 

To check fail2ban is working and banning IPs

A handy way to check whether you get banned is to try logging in via SSH until you’re banned (it will say ‘connection refused’).

Then check the IP of the machine you’re sat at; probably the easiest way is to use something like a whatsmyip site.

Get another IP (if you have a phone with a hotspot function, connect to that and it will give you a new IP).

Log in via SSH (your phone’s IP won’t be banned), and look in this file for your old banned IP: /var/log/fail2ban.log
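As an added example (not part of the original post): instead of scrolling the log in vi, this script replays the Ban and Unban lines in fail2ban.log to show which IPs the sshd jail has banned and not yet released. The log line shape and the sample lines are assumptions constructed for illustration, and still_banned and sample_log are hypothetical names.

```shell
#!/bin/sh
# Added example: list IPs a fail2ban jail has banned and not yet unbanned,
# by replaying Ban/Unban events from fail2ban.log.
# Assumed line shape (fail2ban 0.9+ default log format):
#   2024-01-01 10:00:05,123 fail2ban.actions [1234]: NOTICE [sshd] Ban 203.0.113.5

# still_banned LOGFILE [JAIL]   ("-" reads stdin; JAIL defaults to sshd)
# Prints "IP DATE TIME" of the ban, one per line, sorted.
still_banned() {
    logfile=$1
    jail=${2:-sshd}
    awk -v tag="[$jail]" '
    {
        for (i = 1; i <= NF - 2; i++) {
            if ($i != tag) continue
            action = $(i + 1); ip = $(i + 2)
            # Assumption: newer versions log "Restore Ban <ip>" after a restart.
            if (action == "Restore" && ip == "Ban") { action = "Ban"; ip = $(i + 3) }
            if (action == "Ban" && ip != "") banned[ip] = $1 " " $2
            if (action == "Unban") delete banned[ip]
            break
        }
    }
    END { for (ip in banned) print ip, banned[ip] }
    ' "$logfile" | LC_ALL=C sort
}

# Constructed sample log (documentation IP ranges, bantime = 3600 as in jail.local).
sample_log() {
    cat <<'EOF'
2024-01-01 10:00:01,100 fail2ban.filter  [1234]: INFO    [sshd] Found 203.0.113.5
2024-01-01 10:00:05,123 fail2ban.actions [1234]: NOTICE  [sshd] Ban 203.0.113.5
2024-01-01 10:02:00,000 fail2ban.actions [1234]: NOTICE  [sshd] Ban 198.51.100.7
2024-01-01 11:00:05,500 fail2ban.actions [1234]: NOTICE  [sshd] Unban 203.0.113.5
2024-01-01 11:30:00,000 fail2ban.actions [1234]: NOTICE  [sshd] Restore Ban 192.0.2.44
2024-01-01 11:31:00,000 fail2ban.actions [1234]: NOTICE  [other] Ban 192.0.2.99
EOF
}

# Demo on the constructed sample; 203.0.113.5 is absent because it was unbanned.
sample_log | still_banned - sshd
```

On the server, call still_banned /var/log/fail2ban.log as root; it only sees the current log file, so bans recorded in rotated logs are missed. sudo fail2ban-client status sshd reports the jail's live banned list.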

 

 
