How safe is fail2ban?

Firstly, I found this topic whilst bored and wanting to know about more about fail2ban and thought it’s a good read for anyone interested in getting to know how it works and how good is it in keeping hackers out of your system.

It is a security report from 1st July so it’s pretty much up-to-date.


Very interesting indeed.

The interesting thing is that as we all should know a user with ssh access could edit the fail2ban logs and potentially could lock any IP out unless it is in the ignore IP list.

Am I right?

You can provide a jailed shell access, never give a normal shell access to a user on a shared server.


Can we in Hestia?

There is already a pending feature request for implementing rush.

There are plenty of guides on Google for chroot jail’s searching jailed SSH user brought up loads of results in Google.

Here is one of them

I bought the chroot plugin for Vestacp when it first came out and that had a drop-down list when you select if a user has SSH access and the chroot was an option there in that drop-down.

I don’t know what the advantages/disadvantages of using this compared to using parallel command line tool are? Maybe someone can enlighten me?.

Hestia has by default chroot for SFTP enabled.

For SSH it is a different story… But I am sure that didn’t work for Vesta either…

Setting up for 1 server it is easy.
Setting it up for 2 servers it is often 2x the work

Setting it up for 10k users it becomes a whole lot more of work… Mainly security and limitations for access.