Back to documentation
Security

SSH Hardening & Fail2Ban

Strengthen server security with SSH hardening and brute-force protection via Fail2Ban.

Intermediate6 min readUpdated 2026-03-29

SSH hardening

Server Compass can apply recommended SSH security settings:

  1. Go to Security tab
  2. Open SSH Hardening
  3. Apply recommended settings:
    • Disable root login
    • Disable password authentication (key-only)
    • Change default SSH port
    • Set idle timeout
  4. Server Compass updates sshd_config and restarts the SSH service safely

Fail2Ban setup

Fail2Ban protects against brute-force attacks:

  1. Open the Security tab
  2. Click Enable Fail2Ban
  3. Server Compass installs and configures Fail2Ban automatically
  4. Configure ban rules:
    • Max retries before ban
    • Ban duration
    • Monitored services (SSH, HTTP, etc.)
  5. View banned IPs and unban manually if needed

Firewall rules

Combine SSH hardening with firewall rules:

  1. Go to Security > Firewall
  2. Allow only necessary ports (SSH, HTTP, HTTPS)
  3. Block all other incoming traffic
  4. Server Compass manages ufw or iptables rules for you

Screenshots

SSH Hardening & Fail2Ban - Screenshot 1
SSH Hardening & Fail2Ban - Screenshot 2
SSH Hardening & Fail2Ban - Screenshot 3

Related Features

SSH Hardening

Apply SSH security best practices with one click. Disable root login, change ports, and configure key-only auth.

Fail2Ban Configuration

Manage Fail2Ban brute-force protection rules. Configure jail settings, ban times, and whitelist IPs visually.

Ready to try Server Compass?

Download the app and deploy your first application in under 5 minutes.

Download Server Compass