SSH:Konfigurasi dengan Fail2ban

• Begin by creating a new file within the same directory called jail.local. You can then add the necessary security configurations for the sshd jail.

vim /etc/fail2ban/jail.local

• You can explore the options that Fail2Ban provides to customize the security and blocking of the SSH service.

Fail2Ban Configuration Options:

• With the information in table above you can create the jail.local configuration for OpenSSH server (sshd). Once you have entered the configuration options, the values used in this guide example are listed in the sample file below.

[sshd]
 enabled = true
 port = ssh
 filter = sshd
 logpath = /var/log/auth.log
 maxretry = 3
 findtime = 300
 bantime = 3600
 ignoreip = 127.0.0.1

• After you have specified the configuration options and their respective values, save the file and restart the Fail2Ban service with the following command:

sudo systemctl restart fail2ban.service

• After restarting the OpenSSH server service, Fail2Ban uses this new configuration and the jail for the sshd service is activated and runs.
• You can now test this functionality by re-enabling PasswordAuthentication in the OpenSSH Configuration file found in /etc/ssh/sshd_config. Do this by changing the value from no to yes using the text editor of your choice. Make sure these lines are uncommented.

 #To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

• This allows users to use passwords for authentication in addition to SSH key-pairs. Fail2Ban automatically detects brute-force attempts on SSH and blocks the users automatically. This greatly improves the security of both password based authentication and the server and is useful for user accounts that do not have administrator privileges.

• linode.com