I know this is not enough by far. A really secure configuration requires more intel in it, but I left it that way just to check how many penetration attempts I'll see.
After a fast review of the /var/log/fail2ban.log file I noticed that almost all the entries were ssh attempts to log in to the system, which is perfectly normal because the system only exposes a web server and the sshd daemon.
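To put numbers on that kind of log review, here is an added example (not part of the original post) that counts fail2ban "Found" and "Ban" events per jail and source IP. The sample lines are constructed in the usual fail2ban log layout with documentation-range addresses, and the apache-auth jail is an assumption standing in for the web server.

```python
import re
from collections import Counter

# Constructed sample log (not from the post); IPs are documentation ranges.
SAMPLE_LOG = """\
2024-05-01 10:15:31,101 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:31
2024-05-01 10:15:35,220 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:35
2024-05-01 10:15:40,412 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:40
2024-05-01 10:15:40,553 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:20:02,018 fail2ban.filter  [812]: INFO    [sshd] Found 198.51.100.23 - 2024-05-01 10:20:01
2024-05-01 10:31:12,644 fail2ban.filter  [812]: INFO    [apache-auth] Found 192.0.2.44 - 2024-05-01 10:31:12
2024-05-01 11:00:02,004 fail2ban.actions [812]: NOTICE  [sshd] Restore Ban 203.0.113.7
2024-05-01 11:10:40,900 fail2ban.actions [812]: NOTICE  [sshd] Unban 203.0.113.7
"""

# The action word must directly follow the [jail] tag, so "Restore Ban"
# lines written after a fail2ban restart are not counted as new bans.
EVENT = re.compile(
    r"fail2ban\.(?:filter|actions)\s*\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<action>Found|Ban|Unban)\s+(?P<ip>[0-9A-Fa-f:.]+)"
)

def summarize(log_text):
    """Return (found, bans): Counters keyed by (jail, ip)."""
    found, bans = Counter(), Counter()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # startup messages, restores, anything unparsed
        key = (m["jail"], m["ip"])
        if m["action"] == "Found":
            found[key] += 1
        elif m["action"] == "Ban":
            bans[key] += 1
    return found, bans

def jail_share(found):
    """Fraction of all matched failures attributed to each jail."""
    totals = Counter()
    for (jail, _ip), n in found.items():
        totals[jail] += n
    grand = sum(totals.values())
    return {jail: n / grand for jail, n in totals.items()} if grand else {}

if __name__ == "__main__":
    found, bans = summarize(SAMPLE_LOG)
    for jail, share in sorted(jail_share(found).items()):
        print(f"{jail}: {share:.0%} of failures")
    for (jail, ip), n in bans.most_common():
        print(f"banned {ip} in [{jail}] x{n}")
```

To run it against a real log, pass the file's contents to summarize() instead of SAMPLE_LOG.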
An easy and fast way to secure ssh on your home systems is to edit the /etc/hosts.allow and /etc/hosts.deny files to specify which IPs are allowed to log in via ssh and deny all the rest. Both files are read by TCP wrappers (libwrap), so they only take effect if your sshd is built with that support. You can apply the same restriction via /etc/ssh/sshd_config, but that requires more ssh knowledge and I prefer to dedicate another post to it.
To allow your home network, edit your /etc/hosts.allow and add:
# allow your local LAN (192.168.0.0/24, in the net/mask form documented in hosts_access(5))
sshd: 192.168.0.0/255.255.255.0
# allow your localhost
sshd: 127.0.0.1
To deny any other IP, edit your /etc/hosts.deny and add: