Affected versions: Ubuntu 24.04 LTS

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Repeated brute-force attempts continue without automatic IP bans.

Environment & Reproduction

Common after log format changes or wrong backend selection.

sudo systemctl status fail2ban
sudo fail2ban-client status
sudo fail2ban-client status sshd

Root Cause Analysis

The jail's filter does not match the log entries, or logpath points to the wrong file.

Quick Triage

Check jail activation and recent parsing errors.

sudo journalctl -u fail2ban -n 120 --no-pager
sudo grep -RIn -F '[sshd]' /etc/fail2ban
sudo fail2ban-client get sshd logpath

Step-by-Step Diagnosis

Validate filter expressions against real auth log entries.

sudo tail -n 100 /var/log/auth.log
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
sudo fail2ban-client status sshd

Solution – Primary Fix

Set correct logpath/backend and restart fail2ban.

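sudo tee /etc/fail2ban/jail.d/sshd.local >/dev/null <<'EOF'
[sshd]
enabled = true
# With backend = systemd, fail2ban reads the journal and logpath is not used.
# To read /var/log/auth.log instead, set backend = auto.
logpath = /var/log/auth.log
backend = systemd
maxretry = 5
EOF
sudo systemctl restart fail2ban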
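The check below is an added example, not part of the original page or of fail2ban itself. It reads one jail override file and reports which log source the [sshd] section points fail2ban at, covering the root causes named above (wrong logpath, wrong backend). The function names jail_opt and classify_log_source are hypothetical, and the parser assumes a single file with literal values (no [DEFAULT] inheritance, no %(...)s interpolation).

```bash
# Added example (not from the original page): report which log source a jail
# section in ONE config file would make fail2ban read. Simplifications: no
# [DEFAULT] inheritance, no merging of jail.conf/jail.d, no %(...)s
# interpolation, and logpath is a single literal path.
# Usage: classify_log_source /etc/fail2ban/jail.d/sshd.local [jail]

# jail_opt FILE SECTION KEY: print the last value assigned to KEY in [SECTION].
jail_opt() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { insec = ($1 == sec); next } # section header
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

classify_log_source() {
    local file="$1" jail="${2:-sshd}" backend logpath
    backend=$(jail_opt "$file" "$jail" backend)
    logpath=$(jail_opt "$file" "$jail" logpath)
    if [ "${backend:-auto}" = systemd ]; then
        # Journal backend: a logpath, if present, is not what gets read.
        if [ -n "$logpath" ]; then echo journal-logpath-ignored; else echo journal; fi
    elif [ -z "$logpath" ]; then
        echo no-logpath            # file backend with nothing to read
    elif [ ! -e "$logpath" ]; then
        echo logpath-missing       # wrong path, or the file was never created
    elif [ ! -s "$logpath" ]; then
        echo logpath-empty         # typical when nothing writes the file (journal-only host)
    else
        echo file
    fi
}
```

On a live host, sudo fail2ban-client get sshd logpath (from Quick Triage) shows what the running jail monitors; this function only inspects the override file itself.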

Solution – Alternative Approaches

Use the ufw action integration if the firewall backend in use differs from iptables.

sudo grep -RIn 'banaction' /etc/fail2ban
sudo fail2ban-client reload

Verification & Acceptance Criteria

sshd jail reports active bans after failed attempts.

sudo fail2ban-client status sshd
sudo fail2ban-client get sshd banned
sudo journalctl -u fail2ban -n 40 --no-pager

Rollback Plan

Disable custom jail file and revert to packaged defaults.

sudo mv /etc/fail2ban/jail.d/sshd.local /etc/fail2ban/jail.d/sshd.local.bak
sudo systemctl restart fail2ban

Prevention & Hardening

Test regex filters after log format or sshd updates.

sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
sudo fail2ban-client ping

Related Errors & Cross-Refs

This problem is frequently related to disabled rsyslog or journal-only setups.

References & Further Reading

Ubuntu fail2ban deployment and jail tuning guidance.
