Any Linux system that’s exposed to the world tends to get a lot of hack attempts at it. I’ve typically run
fail2ban on mine to try to mitigate this, but on Ubuntu 20.04 I was unable to get it to actually detect various attempts.
There are a lot of tutorials out there for
fail2ban in general and even several on older versions of Ubuntu, but there’s one slight change on 20.04 (or maybe even an earlier version) which makes them not work. After a lot of hair-pulling I found one particular tutorial which had, buried almost in the marginalia, the magic thing I needed to get it working: basically, you need to use the
systemd log scanning backend, as none of the others seem to actually have access to the logs themselves, at least not without a lot of hassle.
So, the short version: add
backend = systemd to the
[DEFAULT] section of
/etc/fail2ban/jail.local. But read on for some
sshd configuration notes as well!