This guide will take you through the process of adding the security tool Fail2Ban to your Raspberry Pi.
Here’s how to step-by-step install Fail2Ban and set it up to add one more security layer to our SSH.
Basically what we will do here is we will ban the attacker’s IP address if he tries a few times to penetrate our defenses. Making his goal as time-consuming and tedious endeavor as we can.
Note that Fail2Ban can be used to secure many more services than just SSH.
But actually, this one is simple.
Log in to Raspberry Pi and
Quick update of our Pi:
sudo apt update && sudo apt upgrade
Install the package which we’ll be using
sudo apt install fail2ban
Now we need to create our configuration file. We’ll set up the basics by copying the default configuration file and editing that one.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit that jail.local file
sudo nano /etc/fail2ban/jail.local
Find the section which is called named “[ssh]” and set it up:
enabled = true
filter = sshd
port = ssh
banaction = iptables-multiport
bantime = 60m
maxretry = 3
banaction – This actually handles iptables to block attackers ip address.
bantime – Here you can set for how long you want to ban this ip address.
maxretry – This is how many attempts user or attacker has before he gets banned.
Restart the fail2ban service and we’re good to go.
sudo service fail2ban restart
That’s it!
If you followed my previous tutorials now our login procedure consists of an ssh key safely stored in our computer and a time-based verification code from our mobile app.
So that’s Fail2Ban for Raspberry Pi’s SSH. Hope it helped!
You should feel at least a little bit safer about your Raspberry Pi. If you do, please subscribe to my channel.
