It would seem that due to some sort of packaging or maintainer config dispute the default configuration for fail2ban's SSHd authentication monitoring (and thus blocking) does not work on Debian 12, and it's derivatives such as Ubuntu.
The solution is to configure fail2ban to read (and eventually ban) SSHd authentication failures from "systemd" rather than a log file as previously expected.
This can be done with the following one-liner (it write the quoted text into the fail2ban jail config file):
echo -e "[sshd]\nbackend=systemd\nenabled=true" | tee /etc/fail2ban/jail.localNext you'll need to restart the fail2ban service, and inspecting the output for any issues:
systemctl restart fail2ban && systemctl status fail2ban
Comments & Questions
Reply by email to send in your thoughts.
Comments may be featured here unless you say otherwise. You can encrypt emails with PGP too, learn more about my email replies here.
PGP: 9ba2c5570aec2933970053e7967775cb1020ef23