Fail2Ban Debian Cheat Sheet

apt-get install fail2ban

Set the LogLevel parameter within /etc/ssh/sshd_config from INFO to VERBOSE. This allows fail2ban to read failed login attempts.


Restart sshd

/etc/init.d/ssh restart

Change the action parameter within the jail.conf to action_mwl. Otherwise you will not get any e-mail notification about banned ips.

action = %(action_mwl)s

Finally make sure that your ssh section within jail.conf is enabled and points to the correct logfile.