Why Is Fail2Ban & DenyHosts Not Working?

I installed and configured Fail2Ban first to get some form of protection on the SSH port I am using. Unfortunately, testing shows that it is simply not working. Can someone give me some hints as to what is going on? I have used a non-standard SSH port. Do I need to make Fail2Ban and DenyHosts aware of this?

What is the MINIMAL configuration I need to do so I can test to see if this application is actually blocking failed logins? It’s simply not blocking failed logins. I could try logging in all day, still no banning going on. I am using Centos 6.5.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

You generally need to run either Fail2ban or DenyHosts, but not both. DenyHosts watches the SSH service for failed logins while Fail2ban does that too but can also watch other services as well.

You do need to let fail2ban know about the new SSH port, otherwise it’ll just block connections to port 22 which would not have any effect on the SSH service. The fail2ban SSH config should look like this:


enabled  = true
port     = 4444
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 2

Replace 4444 with your SSH port.