Fail2ban for SSH Security

This cluster centers on discussions recommending or debating the use of fail2ban and similar tools like sshguard to protect SSH servers from brute-force attacks, often alongside advice on key authentication and log monitoring.

📉 Falling 0.3x Security

1,544

Comments

Years Active

Top Authors

#1244

Topic ID

Activity Over Time

2007

2008

2009

2010

2011

2012

2013

113

2014

2015

2016

100

2017

2018

2019

2020

173

2021

2022

154

2023

115

2024

218

2025

2026

Top Contributors

tptacek (12) ryanlol (11) LinuxBender (10) laumars (10) walrus01 (10)

Keywords

RAM PHP SSH MSA ROI IMO CVE IP BIND OS fail2ban ssh attempts ips logs server log login brute auth

Sample Comments

malfist • Apr 30, 2025 • View on HN

Why wouldn't something like fail2ban not work here? That's what it's built for and has been around for eons.

drb91 • May 26, 2018 • View on HN

fail2ban may prove some use: https://www.fail2ban.org

bostonvaulter2 • Sep 5, 2010 • View on HN

Wouldn't something like fail2ban be enough?

chmod775 • Jan 14, 2022 • View on HN

No mention of sshguard or fail2ban?

kyrofa • Jun 7, 2024 • View on HN

Why are we building this into SSH itself? Isn't this what things like fail2ban are for?

kingosticks • Jun 16, 2016 • View on HN

You should still use fail2ban.https://news.ycombinator.com/item?id=11854576

vacri • Mar 4, 2013 • View on HN

fail2ban is useful for things other than SSH - I've seen it deal handily with people probing our asterisk server.

pfundstein • Jul 4, 2019 • View on HN

I highly recommend installing fail2ban to automatically firewall IPs with consecutive failed attempts, or if possible, disable password authentication altogether and use key auth.

ams6110 • Apr 15, 2012 • View on HN

Something like fail2ban could deal with this.

derimagia • Jun 20, 2018 • View on HN

Hopefully they use something akin to fail2ban..