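[sshd]
# ==========================
# SSH Jail Configuration
# ==========================
# NOTE(review): this file had been collapsed onto a single line, which left
# every setting below inside the text trailing the [sshd] header instead of
# on its own "key = value" line. One setting per line is restored here;
# comments stay on their own lines because inline comments are not portable
# across INI parsers.

# Enable the SSH jail to monitor and protect against brute-force attacks.
enabled = true

# Port Fail2Ban should act on for SSH connections.
# If you run SSH on a custom port, replace 'ssh' with the actual port number (e.g., 2222).
# With port-based ban actions only the port(s) listed here are blocked, so a
# mismatch with the port sshd really listens on leaves bans ineffective.
port = ssh

# Filter definition to use.
# 'sshd' refers to the default filter that matches common SSH authentication failures.
filter = sshd

# Log file location.
# '%(sshd_log)s' is interpolated from the distribution's path definitions
# (typically /var/log/auth.log on file-based setups).
# NOTE(review): Fail2Ban's stock jail.conf states that 'logpath' is not valid
# for the systemd backend; with 'backend = systemd' below the journal is read
# instead, and this line only matters if the backend is switched to a
# file-based one. Confirm which source is actually monitored, e.g. with
# 'fail2ban-client status sshd'.
logpath = %(sshd_log)s

# Backend for reading logs.
# 'systemd' is recommended if your system uses journalctl for logging.
backend = systemd

# ==========================
# SSH-Specific Overrides
# ==========================
# 'bantime' and 'ignoreip' are not set in this section as shown, so the values
# from [DEFAULT] apply. Review them: a short inherited bantime weakens the
# jail, and an overly broad ignoreip exempts those addresses from banning.

# Time window to evaluate failed login attempts.
# If 'maxretry' failures occur within this time, the IP will be banned.
findtime = 5m

# Number of failed attempts allowed before triggering a ban.
maxretry = 4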