SSH is usually the front door of a Linux home server. And if that door is reachable from the network, something will eventually knock on it. Sometimes it is you. Sometimes it is a script from the other side of the planet trying admin , root , test , ubuntu , oracle , minecraft , and whatever else is in its boring little dictionary. This is where Fail2ban is useful. Fail2ban watches logs for repeated failed login attempts and temporarily bans the source IP address using firewall rules. It is not magic, and it is not a replacement for proper SSH hardening, but it is a very useful extra layer for a Linux home server. This post is a beginner-friendly guide to Fail2ban for SSH on a Linux home server . The goal is not to build an enterprise security platform. The goal is to reduce brute-force noise, protect SSH, and avoid locking yourself out of your own machine. If you are building a secure Linux box, also see my Linux Home Server Security Checklist and my guide to UFW Firew...
Practical Linux, homelab and computer security notes: home servers, Docker, UFW, Fail2ban, Lynis, honeypots, old hardware and sysadmin experiments.