What are good Fail2Ban settings for SSH?

Start with: maxretry=5, findtime=600 (10 min), bantime=3600 (1 hour). For aggressive protection: maxretry=3, bantime=86400 (24 hours). Use bantime.increment for progressive ban times.

Should I use jail.conf or jail.local?

Always use jail.local. The jail.conf file is overwritten during updates. Create jail.local to override specific settings — it takes precedence over jail.conf for matching sections.

Fail2Ban Configuration Errors — SSH Brute Force Protection and Ban Issues on Linux

Warningsecurity

Overview

Fix Fail2Ban configuration errors including regex filter failures, false positive bans, log path mismatches, and firewall integration issues.

Key Details

Fail2Ban monitors log files for failed authentication attempts and bans offending IP addresses
The sshd jail is the most commonly used — monitors /var/log/auth.log for failed SSH logins
Custom filters use regex patterns to match log entries — incorrect regex causes missed detections or false positives
Fail2Ban uses iptables, nftables, or firewalld for banning depending on system configuration
Whitelisting your own IP prevents accidental self-banning during troubleshooting

Common Causes

Filter regex not matching the current log format (different syslog version or SSH configuration)
Log file path in jail.local not matching the actual log file location
Incorrect banaction — using iptables when the system uses nftables or firewalld
Fail2Ban service not starting due to configuration syntax errors

Steps

1Test filter regex: 'fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf' to verify matches
2Check jail status: 'fail2ban-client status sshd' to see banned IPs and total failures detected
3Whitelist your IP: add 'ignoreip = 127.0.0.1/8 ::1 YOUR_IP' in [DEFAULT] section of jail.local
4Unban an IP: 'fail2ban-client set sshd unbanip IP_ADDRESS'
5Check configuration: 'fail2ban-client -d' to dump configuration and verify syntax

More in Security

windows-defender-errorsWindows Defender Errors — Antivirus Not Working or Updating

Error

windows-error-0x80073b01-defender-serviceWindows Error 0x80073B01 — Windows Defender Service Failed to Start

Error

windows-bitlocker-recovery-key-errorsBitLocker Recovery Key Errors — Drive Locked and Recovery Key Not Found

Critical

mac-gatekeeper-app-blockedMac Gatekeeper — App Cannot Be Opened (Unidentified Developer)

Warning

mac-filevault-recovery-errorsMac FileVault Errors — Encryption, Decryption & Recovery Key Issues

Error

mac-keychain-errors-passwordsMac Keychain Errors — Password Prompts, Locked Keychain, and Repair Guide

Warning

Frequently Asked Questions

Run 'fail2ban-client set sshd unbanip YOUR_IP'. If you are locked out, connect from a different IP or use the server console. Always add your IP to ignoreip to prevent self-banning.

Fail2Ban Configuration Errors — SSH Brute Force Protection and Ban Issues on Linux

Overview

Key Details

Common Causes

Steps

Tags

More in Security

Frequently Asked Questions