{"id":166,"date":"2025-09-24T15:55:31","date_gmt":"2025-09-24T15:55:31","guid":{"rendered":"https:\/\/wehaveservers.com\/blog\/?p=166"},"modified":"2025-09-24T15:55:31","modified_gmt":"2025-09-24T15:55:31","slug":"how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw","status":"publish","type":"post","link":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/","title":{"rendered":"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW)"},"content":{"rendered":"\n
\"secure<\/figure>\n\n\n\n



How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW)
<\/p>\n\n\n\n

How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW)<\/h1>\n\n\n\n

SSH (Secure Shell) is the default entry point for managing Linux servers. Whether you\u2019re running a VPS or a bare-metal dedicated server, weak SSH configurations can expose you to brute-force attacks, credential leaks, and unauthorized access. In 2025, botnets are continuously scanning the internet for servers with open port 22 and weak passwords. That\u2019s why securing SSH is one of the first tasks<\/strong> you should perform on any Ubuntu or Debian system before moving it into production.<\/p>\n\n\n\n

This guide will walk through advanced steps to secure SSH on Ubuntu\/Debian using key-based authentication<\/strong>, Fail2Ban<\/strong>, and UFW firewall rules<\/strong>. These practices are based on real-world sysadmin workflows and CIS hardening checklists.<\/p>\n\n\n\n

\n\n\n\n

\ud83d\udd11 Step 1: Disable Password Authentication and Use SSH Keys<\/h2>\n\n\n\n

Password authentication is the weakest link in SSH security. Attackers can easily brute force passwords, especially for accounts like root<\/code>. Instead, generate a public-private key pair and disable passwords entirely.<\/p>\n\n\n\n

On your local machine:<\/p>\n\n\n\n

ssh-keygen -t ed25519 -C \"your_email@example.com\"\n<\/code><\/pre>\n\n\n\n
This creates a key pair in ~\/.ssh\/id_ed25519<\/code>. Then copy the key to the server:<\/p>\n\n\n\n
ssh-copy-id username@server_ip\n<\/code><\/pre>\n\n\n\n
Edit \/etc\/ssh\/sshd_config<\/code> on the server and ensure:<\/p>\n\n\n\n
PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n<\/code><\/pre>\n\n\n\n
Finally, restart SSH:<\/p>\n\n\n\n
systemctl restart ssh\n<\/code><\/pre>\n\n\n\n
Pro tip:<\/strong> Always test with a second session before closing your root shell to avoid locking yourself out.<\/p>\n\n\n\n
\n\n\n\n
\ud83d\udeab Step 2: Change Default SSH Port<\/h2>\n\n\n\n
While security-by-obscurity is not a replacement for real hardening, changing the default port from 22<\/code> reduces noise from automated scanners.<\/p>\n\n\n\n
Port 2222\n<\/code><\/pre>\n\n\n\n
in \/etc\/ssh\/sshd_config<\/code>. Don\u2019t forget to update UFW and monitoring tools accordingly.<\/p>\n\n\n\n
\n\n\n\n
\ud83d\udee1\ufe0f Step 3: Install and Configure Fail2Ban<\/h2>\n\n\n\n
Fail2Ban<\/strong> monitors log files for repeated failed login attempts and dynamically blocks IPs that look malicious.<\/p>\n\n\n\n
apt update && apt install fail2ban -y\n<\/code><\/pre>\n\n\n\n
Create or edit jail configuration:<\/p>\n\n\n\n
\/etc\/fail2ban\/jail.local\n<\/code><\/pre>\n\n\n\n
[sshd]\nenabled = true\nport    = 2222\nfilter  = sshd\nlogpath = \/var\/log\/auth.log\nmaxretry = 5\nbantime = 3600\n<\/code><\/pre>\n\n\n\n
Restart the service:<\/p>\n\n\n\n
systemctl enable --now fail2ban\n<\/code><\/pre>\n\n\n\n
Check active bans:<\/p>\n\n\n\n
fail2ban-client status sshd\n<\/code><\/pre>\n\n\n\n
\n\n\n\n
\ud83d\udd25 Step 4: Lock Down Access with UFW<\/h2>\n\n\n\n
Ubuntu and Debian ship with UFW (Uncomplicated Firewall)<\/strong>, a front-end for iptables. Limit access to only the SSH port you configured and any application-specific ports.<\/p>\n\n\n\n
ufw default deny incoming\nufw default allow outgoing\nufw allow 2222\/tcp\nufw enable\n<\/code><\/pre>\n\n\n\n
You can also restrict SSH to specific IPs if you manage from a fixed location:<\/p>\n\n\n\n
ufw allow from 203.0.113.10 to any port 2222 proto tcp\n<\/code><\/pre>\n\n\n\n
\n\n\n\n
\ud83d\udd0d Step 5: Enable 2FA for SSH (Optional)<\/h2>\n\n\n\n
For high-security environments, enable two-factor authentication<\/strong> with Google Authenticator or Authy PAM modules.<\/p>\n\n\n\n
apt install libpam-google-authenticator\ngoogle-authenticator\n<\/code><\/pre>\n\n\n\n
Then edit \/etc\/pam.d\/sshd<\/code> to add:<\/p>\n\n\n\n
auth required pam_google_authenticator.so\n<\/code><\/pre>\n\n\n\n
This ensures even if your key is stolen, an attacker would still need a one-time token.<\/p>\n\n\n\n
\n\n\n\n
\ud83d\udcc8 Step 6: Monitor and Audit SSH Access<\/h2>\n\n\n\n
Keep an eye on SSH logins with:<\/p>\n\n\n\n
journalctl -u ssh --since \"1 hour ago\"\nlast -a | head -n 20\n<\/code><\/pre>\n\n\n\n
Integrating these logs into Zabbix, Grafana, or ELK<\/strong> helps track patterns and detect anomalies.<\/p>\n\n\n\n
\n\n\n\n
\u2705 Conclusion<\/h2>\n\n\n\n
Securing SSH is not just about one tweak \u2014 it\u2019s a layered approach. By combining key-based authentication, Fail2Ban, UFW rules, and optional 2FA, you can drastically reduce your attack surface. In production-grade setups, add monitoring and central logging to ensure you catch anomalies before they become incidents.<\/p>\n\n\n\n
At WeHaveServers.com<\/strong>,<\/a> all our VPS and Dedicated Servers ship with root SSH access, giving you full control \u2014 but we recommend applying these hardening steps before deploying workloads to production.<\/p>\n\n\n\n
\n\n\n\n
\u2753 FAQ<\/h2>\n\n\n\n
Should I disable root SSH login?<\/h3>\n\n\n\n
Yes, always. Create a non-root user with sudo privileges and disable direct root login for better security.<\/p>\n\n\n\n
What\u2019s better: changing SSH port or using Fail2Ban?<\/h3>\n\n\n\n
Changing the port reduces noise, but Fail2Ban actively blocks brute-force attempts. For best results, use both.<\/p>\n\n\n\n
How do I recover if I lock myself out?<\/h3>\n\n\n\n
Use your provider\u2019s recovery console (IPMI, iDRAC, or VNC). Always test new SSH configs in a separate session first.<\/p>\n\n\n\n
Is key authentication enough for production?<\/h3>\n\n\n\n
For most setups, yes. For sensitive environments, combine keys with 2FA and strict firewall rules.<\/p>\n\n\n\n
Can I use UFW and Fail2Ban together?<\/h3>\n\n\n\n
Yes, they complement each other. UFW sets the baseline policy, Fail2Ban reacts dynamically to attacks.<\/p>\n\n\n\n
\n","protected":false},"excerpt":{"rendered":"
How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) SSH (Secure Shell) is the default entry point for managing Linux servers. Whether you\u2019re running a VPS or a bare-metal dedicated server, weak SSH configurations can expose you to brute-force attacks, credential leaks, and unauthorized access. In […]<\/p>\n","protected":false},"author":1,"featured_media":167,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[44,43,41,42],"class_list":["post-166","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-sysadmin","tag-disable-ssh","tag-server-security","tag-ssh-hardening","tag-ssh-secure"],"blocksy_meta":[],"yoast_head":"\nHow to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) - Blog | WeHaveServers.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) - Blog | WeHaveServers.com\" \/>\n<meta property=\"og:description\" content=\"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) SSH (Secure Shell) is the default entry point for managing Linux servers. Whether you\u2019re running a VPS or a bare-metal dedicated server, weak SSH configurations can expose you to brute-force attacks, credential leaks, and unauthorized access. In […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog | WeHaveServers.com\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/WeHaveServers\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-24T15:55:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wehaveservers.com\/blog\/wp-content\/uploads\/2025\/09\/how-to-secure-ssh.png\" \/>\n\t<meta property=\"og:image:width\" content=\"768\" \/>\n\t<meta property=\"og:image:height\" content=\"403\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"WHS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@WeHaveServers\" \/>\n<meta name=\"twitter:site\" content=\"@WeHaveServers\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WHS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/\"},\"author\":{\"name\":\"WHS\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#\\\/schema\\\/person\\\/f90cd2ad6ce12bb915c1d00a4770dad0\"},\"headline\":\"How to Secure SSH on Ubuntu\\\/Debian (Keys, Fail2Ban, UFW)\",\"datePublished\":\"2025-09-24T15:55:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/\"},\"wordCount\":610,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/how-to-secure-ssh.png\",\"keywords\":[\"disable ssh\",\"server security\",\"SSH hardening\",\"ssh secure\"],\"articleSection\":[\"Linux & SysAdmin\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/\",\"url\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/\",\"name\":\"How to Secure SSH on Ubuntu\\\/Debian (Keys, Fail2Ban, UFW) - Blog | WeHaveServers.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/how-to-secure-ssh.png\",\"datePublished\":\"2025-09-24T15:55:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/how-to-secure-ssh.png\",\"contentUrl\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/how-to-secure-ssh.png\",\"width\":768,\"height\":403},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/linux-sysadmin\\\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Secure SSH on Ubuntu\\\/Debian (Keys, Fail2Ban, UFW)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/\",\"name\":\"Blog | WeHaveServers.com\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#organization\",\"name\":\"THC Projects SRL\",\"url\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/whs-logo-blog.png\",\"contentUrl\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/whs-logo-blog.png\",\"width\":1080,\"height\":147,\"caption\":\"THC Projects SRL\"},\"image\":{\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/WeHaveServers\\\/\",\"https:\\\/\\\/x.com\\\/WeHaveServers\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/#\\\/schema\\\/person\\\/f90cd2ad6ce12bb915c1d00a4770dad0\",\"name\":\"WHS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e91dfeb1f75c7c898bf30d2646330952683ff1e2646cf0ac34c4a6963c2175ce?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e91dfeb1f75c7c898bf30d2646330952683ff1e2646cf0ac34c4a6963c2175ce?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e91dfeb1f75c7c898bf30d2646330952683ff1e2646cf0ac34c4a6963c2175ce?s=96&d=mm&r=g\",\"caption\":\"WHS\"},\"sameAs\":[\"https:\\\/\\\/wehaveservers.com\\\/blog\"],\"url\":\"https:\\\/\\\/wehaveservers.com\\\/blog\\\/author\\\/wehaveservers\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) - Blog | WeHaveServers.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/","og_locale":"en_US","og_type":"article","og_title":"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) - Blog | WeHaveServers.com","og_description":"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) SSH (Secure Shell) is the default entry point for managing Linux servers. Whether you\u2019re running a VPS or a bare-metal dedicated server, weak SSH configurations can expose you to brute-force attacks, credential leaks, and unauthorized access. In […]","og_url":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/","og_site_name":"Blog | WeHaveServers.com","article_publisher":"https:\/\/www.facebook.com\/WeHaveServers\/","article_published_time":"2025-09-24T15:55:31+00:00","og_image":[{"width":768,"height":403,"url":"https:\/\/wehaveservers.com\/blog\/wp-content\/uploads\/2025\/09\/how-to-secure-ssh.png","type":"image\/png"}],"author":"WHS","twitter_card":"summary_large_image","twitter_creator":"@WeHaveServers","twitter_site":"@WeHaveServers","twitter_misc":{"Written by":"WHS","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/#article","isPartOf":{"@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/"},"author":{"name":"WHS","@id":"https:\/\/wehaveservers.com\/blog\/#\/schema\/person\/f90cd2ad6ce12bb915c1d00a4770dad0"},"headline":"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW)","datePublished":"2025-09-24T15:55:31+00:00","mainEntityOfPage":{"@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/"},"wordCount":610,"commentCount":0,"publisher":{"@id":"https:\/\/wehaveservers.com\/blog\/#organization"},"image":{"@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/#primaryimage"},"thumbnailUrl":"https:\/\/wehaveservers.com\/blog\/wp-content\/uploads\/2025\/09\/how-to-secure-ssh.png","keywords":["disable ssh","server security","SSH hardening","ssh secure"],"articleSection":["Linux & SysAdmin"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/","url":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/","name":"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW) - Blog | WeHaveServers.com","isPartOf":{"@id":"https:\/\/wehaveservers.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/#primaryimage"},"image":{"@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/#primaryimage"},"thumbnailUrl":"https:\/\/wehaveservers.com\/blog\/wp-content\/uploads\/2025\/09\/how-to-secure-ssh.png","datePublished":"2025-09-24T15:55:31+00:00","breadcrumb":{"@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/#primaryimage","url":"https:\/\/wehaveservers.com\/blog\/wp-content\/uploads\/2025\/09\/how-to-secure-ssh.png","contentUrl":"https:\/\/wehaveservers.com\/blog\/wp-content\/uploads\/2025\/09\/how-to-secure-ssh.png","width":768,"height":403},{"@type":"BreadcrumbList","@id":"https:\/\/wehaveservers.com\/blog\/linux-sysadmin\/how-to-secure-ssh-on-ubuntu-debian-keys-fail2ban-ufw\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wehaveservers.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Secure SSH on Ubuntu\/Debian (Keys, Fail2Ban, UFW)"}]},{"@type":"WebSite","@id":"https:\/\/wehaveservers.com\/blog\/#website","url":"https:\/\/wehaveservers.com\/blog\/","name":"Blog | WeHaveServers.com","description":"","publisher":{"@id":"https:\/\/wehaveservers.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wehaveservers.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/wehaveservers.com\/blog\/#organization","name":"THC Projects SRL","url":"https:\/\/wehaveservers.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wehaveservers.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/wehaveservers.com\/blog\/wp-content\/uploads\/2024\/07\/whs-logo-blog.png","contentUrl":"https:\/\/wehaveservers.com\/blog\/wp-content\/uploads\/2024\/07\/whs-logo-blog.png","width":1080,"height":147,"caption":"THC Projects SRL"},"image":{"@id":"https:\/\/wehaveservers.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/WeHaveServers\/","https:\/\/x.com\/WeHaveServers"]},{"@type":"Person","@id":"https:\/\/wehaveservers.com\/blog\/#\/schema\/person\/f90cd2ad6ce12bb915c1d00a4770dad0","name":"WHS","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e91dfeb1f75c7c898bf30d2646330952683ff1e2646cf0ac34c4a6963c2175ce?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e91dfeb1f75c7c898bf30d2646330952683ff1e2646cf0ac34c4a6963c2175ce?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e91dfeb1f75c7c898bf30d2646330952683ff1e2646cf0ac34c4a6963c2175ce?s=96&d=mm&r=g","caption":"WHS"},"sameAs":["https:\/\/wehaveservers.com\/blog"],"url":"https:\/\/wehaveservers.com\/blog\/author\/wehaveservers\/"}]}},"_links":{"self":[{"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/posts\/166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/comments?post=166"}],"version-history":[{"count":1,"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/posts\/166\/revisions"}],"predecessor-version":[{"id":168,"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/posts\/166\/revisions\/168"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/media\/167"}],"wp:attachment":[{"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/media?parent=166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/categories?post=166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wehaveservers.com\/blog\/wp-json\/wp\/v2\/tags?post=166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}