understanding fail2ban with iptables: https://www.the-art-of-web.com/system/fail2ban/ https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server
- authorize the new port in the Google Cloud firewall (common to all instances in the same zone):
with the gcloud command line:
gcloud compute firewall-rules create ssh-alternative-2224 --allow tcp:2224
Should the priority of this rule be changed to 65534 so it does not mask this port and make the virtual machine unreachable?
you need to add the --ssh-flag option in order to connect on the new port:
gcloud compute --project "PROJECT_NAME" ssh --zone "us-central1-b" "instance-1" --ssh-flag="-p 2224"
or set the port in your preferred ssh client
- test that the port is accessible from the internet:
sudo apt-get install netcat
nc -l -p 2224 &
and connect with telnet from a remote computer:
telnet your.server.ip 2224
- now we can change the sshd default port
sudo nano /etc/ssh/sshd_config
and change the line
Port 22
to
Port 2224
- fail2ban
sudo nano /etc/fail2ban/jail.local
in the [ssh] jail change the line
port = ssh
to
port = ssh, 2224
- restart the services
sudo systemctl restart fail2ban
sudo systemctl status ssh
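The failure mode worth checking after the two edits above is a mismatch: sshd now listens on 2224 but the fail2ban jail still lists only "ssh" (port 22), so bans from that jail block a port nobody uses while the real login port stays open. The script below is an added example, not part of these notes or of fail2ban itself. It writes constructed sample copies of sshd_config and jail.local to a temporary directory (the real files are /etc/ssh/sshd_config and /etc/fail2ban/jail.local), extracts the Port directives from the first and the port list from a named jail section of the second, and reports any sshd port the jail does not cover. The jail section name is a parameter because these notes use [ssh] while current fail2ban releases name the jail [sshd]; resolving only the service name "ssh" to 22 is a simplification of what fail2ban does through /etc/services.

```shell
#!/bin/sh
# Added example (not from the page): verify that the fail2ban ssh jail
# covers every port sshd listens on. All file contents below are constructed.
set -u

# Print the ports from "Port ..." directives in an sshd_config file.
# Commented lines are skipped; sshd defaults to 22 when no Port is set.
sshd_ports() {
    ports=$(awk 'tolower($1)=="port" {print $2}' "$1")
    if [ -z "$ports" ]; then
        echo 22
    else
        echo "$ports"
    fi
}

# Print the ports from the "port =" line of jail section $2 in file $1,
# one per line; the service name "ssh" is resolved to 22 (simplified).
jail_ports() {
    awk -v section="[$2]" '
        $0 == section { insec=1; next }
        /^\[/         { insec=0 }
        insec && $1=="port" {
            sub(/^[^=]*=[ \t]*/, "")
            n=split($0, a, /[ \t]*,[ \t]*/)
            for (i=1; i<=n; i++) print a[i]
        }' "$1" | sed 's/^ssh$/22/'
}

# Return 0 if every sshd port is covered by the jail, 1 otherwise.
# Uncovered ports are printed so the operator knows what to add.
check_jail_covers_sshd() {
    sshd_conf=$1; jail_conf=$2; jail=$3
    jailports=$(jail_ports "$jail_conf" "$jail")
    rc=0
    for p in $(sshd_ports "$sshd_conf"); do
        if ! printf '%s\n' "$jailports" | grep -qx "$p"; then
            echo "sshd port $p is not covered by jail [$jail]"
            rc=1
        fi
    done
    return $rc
}

# Write constructed sample configs into directory $1: sshd already moved
# to 2224, plus a jail.local before and after the edit from these notes.
write_samples() {
    cat > "$1/sshd_config" <<'EOF'
# constructed sample sshd_config
Port 2224
PermitRootLogin no
EOF
    cat > "$1/jail.before" <<'EOF'
[ssh]
enabled = true
port = ssh
EOF
    cat > "$1/jail.after" <<'EOF'
[ssh]
enabled = true
port = ssh, 2224
EOF
}

TMP=$(mktemp -d)
write_samples "$TMP"

echo "jail.local before the edit:"
if check_jail_covers_sshd "$TMP/sshd_config" "$TMP/jail.before" ssh; then
    echo "  covered"
else
    echo "  NOT covered: bans from [ssh] would only block port 22"
fi

echo "jail.local after the edit:"
if check_jail_covers_sshd "$TMP/sshd_config" "$TMP/jail.after" ssh; then
    echo "  covered"
else
    echo "  NOT covered"
fi

rm -rf "$TMP"
```

To run it against the live files, call check_jail_covers_sshd /etc/ssh/sshd_config /etc/fail2ban/jail.local ssh (or sshd) after the edits and before restarting; a non-zero exit means the jail's port list still needs the new port.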