I’ve used fail2ban in the past on Ubuntu, and it was very easy to set up.
Apparently on Debian, there is no /var/log/auth.log, and it does not use iptables, so fail2ban is not seeing the failed login attempts and jailing the perp.
Has anyone set this up successfully before? I see suggestions online to set backend = systemd, but this does not seem to be fixing the issue for me.
If you’re looking for an SSH jail I think the Arch docs are going to be relevant, as it looks like it’s configured much differently with systemd.
https://wiki.archlinux.org/title/Fail2ban
Oooh, good point. I’m not even sure if I should be using this with cert-only based auth.