Back to documentation
Security

SSH Hardening & Fail2Ban

Strengthen server security with SSH hardening and brute-force protection via Fail2Ban.

Intermediate6 min readUpdated 2026-03-29

SSH hardening

Server Compass can apply recommended SSH security settings:

  1. Go to Security tab
  2. Open SSH Hardening
  3. Apply recommended settings:
    • Disable root login
    • Disable password authentication (key-only)
    • Change default SSH port
    • Set idle timeout
  4. Server Compass updates sshd_config and restarts the SSH service safely

Fail2Ban setup

Fail2Ban protects against brute-force attacks:

  1. Open the Security tab
  2. Click Enable Fail2Ban
  3. Server Compass installs and configures Fail2Ban automatically
  4. Configure ban rules:
    • Max retries before ban
    • Ban duration
    • Monitored services (SSH, HTTP, etc.)
  5. View banned IPs and unban manually if needed

Firewall rules

Combine SSH hardening with firewall rules:

  1. Go to Security > Firewall
  2. Allow only necessary ports (SSH, HTTP, HTTPS)
  3. Block all other incoming traffic
  4. Server Compass manages ufw or iptables rules for you

Screenshots

SSH Hardening & Fail2Ban - Screenshot 1
SSH Hardening & Fail2Ban - Screenshot 2
SSH Hardening & Fail2Ban - Screenshot 3

Screenshots may vary slightly from the current version

Related Features

SSH Hardening

Apply SSH security best practices with one click. Disable root login, change ports, and configure key-only auth.

Fail2Ban Configuration

Manage Fail2Ban brute-force protection rules. Configure jail settings, ban times, and whitelist IPs visually.

Previous

Configuring the Firewall

Ready to try Server Compass?

Download the app and deploy your first application in under 5 minutes. No terminal knowledge required.

Download Server CompassMore Documentation