Ubuntu - Fail2Ban - Test Fail2Ban

Ubuntu - Fail2Ban - Test Fail2Ban

Log into another machine and attempt an SSH login to the server housing fail2ban.

Make sure to type the password incorrectly 3 times.

NOTE: After the third attempt, SSH will lock you out, and you must use the CTRL + C key combination to return you to the prompt.

If another attempt is made to SSH login, a Connection refused error should be noticed.

Check that there is a banned IP

sudo fail2ban-client status sshd

returns:

Status for the jail: sshd

|- Filter
|  |- Currently failed:    0
|  |- Total failed:        3
|  `- File list:           /var/log/auth.log
`- Actions
|- Currently banned:       1
|- Total banned:           1
`- Banned IP list:         192.168.1.40

NOTE: This shows that IP Address, 192.168.1.40, is banned.

To unban an IP address

To unban IP address 192.168.1.40:

sudo fail2ban-client set sshd unbanip 192.168.1.40

NOTE: This should see the number one printed out, because that is how many IP addresses were just unbanned.

To manually ban an IP

sudo fail2ban-client set sshd banip 192.168.1.40

IMPORTANT: After testing, remember to unban the IP address that was used.

Table of Contents

Ubuntu - Fail2Ban - Test Fail2Ban

Check that there is a banned IP

To unban an IP address

To manually ban an IP