I currently block all ssh logins using root. But I wanted to go the extra mile and block the IP address of the client who tried to log in as root. I currently have denyhosts and fail2ban set up and working; can I use denyhosts and/or fail2ban to block the IP addresses of those who try to log in as root?
Security – How to block all root login attempts using denyhosts and/or fail2ban
Tags: denyhosts, fail2ban, Security, ubuntu-10.04
Best Answer
Depending on your distribution, edit /etc/fail2ban/jail.conf. Update the [ssh] section to show something like this:

Change the parameters as required. It won't specifically block root, but every attempt that fails. Be careful with maxretry and the bantime. If you fail with your own password while maxretry is set too low, you block yourself for the bantime. Restart fail2ban.

I wouldn't try to block the IP forever, as a lot of attempts come from dynamic IPs, which could block some legitimate users at a later point in time.
(Some distributions offer a jail.options file for your modifications. This is the preferred place to put your changes, as it shouldn't be affected by updates overwriting the conf.)
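
The maxretry trade-off described in the answer, as an added example that is not part of the original answer and is not fail2ban's own code: a simplified model of a jail that bans an IP once it reaches maxretry matching lines within findtime seconds, run over constructed auth.log-style lines. It goes beyond the answer by also showing a root-only pattern; both regexes and the `simulate` helper are hypothetical simplifications, not the filter fail2ban ships.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd auth.log style (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 4222 ssh2
Mar  3 10:00:05 host sshd[1002]: Failed password for alice from 198.51.100.20 port 5111 ssh2
Mar  3 10:00:09 host sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 4223 ssh2
Mar  3 10:00:30 host sshd[1004]: Failed password for alice from 198.51.100.20 port 5112 ssh2
Mar  3 10:01:00 host sshd[1005]: Accepted password for alice from 198.51.100.20 port 5113 ssh2
Mar  3 10:20:00 host sshd[1006]: Failed password for root from 192.0.2.55 port 6001 ssh2
"""

IP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Hypothetical patterns: every failed password vs. failed passwords for root only.
ANY_FAILURE = re.compile(r"Failed password for (?:invalid user )?\S+ from " + IP)
ROOT_ONLY = re.compile(r"Failed password for root from " + IP)

def simulate(log, pattern, maxretry, findtime, year=2024):
    """Return {ip: time_of_ban} for IPs with maxretry matches inside findtime seconds."""
    hits = defaultdict(deque)   # ip -> timestamps of recent matching lines
    bans = {}
    for line in log.splitlines():
        m = pattern.search(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        ip = m.group("host")
        if ip in bans:
            continue            # already banned, nothing more to count
        window = hits[ip]
        window.append(ts)
        # Forget matches that fell out of the findtime window.
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

if __name__ == "__main__":
    # Low maxretry on every failure: alice mistypes twice and is banned too.
    print("any failure, maxretry=2:", sorted(simulate(SAMPLE_LOG, ANY_FAILURE, 2, 600)))
    # Root-only pattern with maxretry=1: only the root attempts are banned.
    print("root only,   maxretry=1:", sorted(simulate(SAMPLE_LOG, ROOT_ONLY, 1, 600)))
```
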