Fixing fail2ban for sshd on Debian 12

It would seem that, due to some sort of packaging or maintainer config dispute, the default fail2ban configuration for monitoring sshd authentication does not work on Debian 12 and its derivatives, such as Ubuntu.

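The solution is to configure fail2ban to read sshd authentication failures (and eventually ban the offenders) from the systemd journal rather than a log file.

This can be done with the following, run as root. Note that tee overwrites any existing /etc/fail2ban/jail.local: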

echo -e "[sshd]\nbackend=systemd\nenabled=true" | tee /etc/fail2ban/jail.local

Followed by restarting the fail2ban service and inspecting the output for any issues:

systemctl restart fail2ban && systemctl status fail2ban
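
An alternative way to apply the same three settings, added here as an example and not part of the original post: it writes them to a drop-in under jail.d so that an existing jail.local is not overwritten, then reads the override back. The F2B_DIR variable, the function names and the sshd-systemd.local file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. F2B_DIR is overridable (an
# assumption) so the logic can be tried on a scratch directory; on a real
# host it is /etc/fail2ban and writing there needs root.
F2B_DIR="${F2B_DIR:-/etc/fail2ban}"

# jail_get FILE SECTION KEY: print KEY's value inside [SECTION] of an
# INI-style file (last assignment wins; %(...)s is not interpolated).
jail_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); in_sec = ($0 == sec); next }
        in_sec && /^[ \t]*[^#; \t]/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# sshd_override KEY: last explicit [sshd] value among the local overrides,
# in the order fail2ban reads them (jail.local, then jail.d/*.local).
sshd_override() {
    result=""
    for f in "$F2B_DIR/jail.local" "$F2B_DIR"/jail.d/*.local; do
        [ -f "$f" ] || continue
        v=$(jail_get "$f" sshd "$1") && [ -n "$v" ] && result=$v
    done
    [ -n "$result" ] && printf '%s\n' "$result"
}

# Write the post's three settings as a drop-in unless they are already in
# effect; jail.local is left untouched. The file name is hypothetical.
apply_sshd_override() {
    [ "$(sshd_override backend)" = "systemd" ] &&
        [ "$(sshd_override enabled)" = "true" ] && return 0
    mkdir -p "$F2B_DIR/jail.d" || return 1
    printf '[sshd]\nbackend = systemd\nenabled = true\n' \
        > "$F2B_DIR/jail.d/sshd-systemd.local"
}

# On a live host: parse-check the config, restart, and show the sshd jail.
verify_sshd_jail() {
    fail2ban-client -t && systemctl restart fail2ban &&
        fail2ban-client status sshd
}
```

On a real host, run apply_sshd_override followed by verify_sshd_jail as root.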
