fail2ban ssh protection

Date : 18-04-2025

1. Open the config file:


nano /etc/fail2ban/jail.local

2. Find this line:


enabled = true

And make sure it’s inside this section:


[sshd]
enabled = true
port = 1992
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
findtime = 600

The key thing is: the line must follow a section header like [sshd]. If you just had enabled = true floating by itself at line 24, outside any section, Fail2Ban cannot parse the file and will not start.

3. Save and Exit

In nano:

  1. Ctrl+O → Save
  2. Enter
  3. Ctrl+X → Exit

4. Restart Fail2Ban


systemctl restart fail2ban

Then:


systemctl status fail2ban

You should now see Active: active (running).

5. Check Jail


fail2ban-client status sshd

You should now see the jail is loaded and tracking attempts.
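
The section-header rule from step 2 can be checked before restarting. The script below is an added example, not part of the original note; the function name check_jail_file and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check where options sit in a
# Fail2Ban jail file. check_jail_file and the sample below are constructed.

# check_jail_file FILE JAIL
#   prints "orphan N: text" for option lines before the first [section]
#   prints "enabled N: [section] value" for every enabled setting
#   returns 1 if orphans exist, 2 if JAIL is not enabled, 0 otherwise
check_jail_file() {
    awk -v jail="$2" '
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^[#;]/) next        # blank or comment
        if (substr(line, 1, 1) == "[") {              # section header
            close_at = index(line, "]")
            if (close_at > 2) section = substr(line, 2, close_at - 2)
            next
        }
        if (section == "") { print "orphan " NR ": " line; orphans = 1 }
        if (line ~ /^enabled[ \t]*=/) {
            value = line; sub(/^enabled[ \t]*=[ \t]*/, "", value)
            print "enabled " NR ": [" section "] " value
            if (section == jail && value == "true") jail_on = 1
        }
    }
    END { if (orphans) exit 1; if (!jail_on) exit 2; exit 0 }
    ' "$1"
}

# Constructed sample: the broken layout (option before any header).
sample=$(mktemp)
printf '%s\n' 'enabled = true' '' '[sshd]' 'port = 1992' 'maxretry = 3' > "$sample"
check_jail_file "$sample" sshd || echo "exit status: $?"
rm -f "$sample"
```

Against the real file, call check_jail_file /etc/fail2ban/jail.local sshd. Running fail2ban-client -t also test-parses the configuration without restarting the service.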

If you want, paste the contents of /etc/fail2ban/jail.local here and I’ll double-check the formatting.

Want to also ban based on IP ranges or get email alerts? I got you.