fail2ban scans log files for repeated failures (like SSH login attempts) and automatically firewalls the offending IPs. It's one of the easiest, highest-value defences for any VPS.
Install
sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban
Configure a local jail
Never edit the default file — create /etc/fail2ban/jail.local:
[sshd]
enabled = true
maxretry = 4
bantime = 1h
findtime = 10m
This bans an IP for an hour after 4 failed SSH logins within 10 minutes.
Check what it's doing
sudo fail2ban-client status
sudo fail2ban-client status sshd
Protect more than SSH
fail2ban ships jails for Nginx, Apache, WordPress and mail servers too — enable the ones relevant to your stack. Combined with SSH keys and a firewall, it stops the constant background noise of brute-force bots cold.