Defunding Proxmox, Guarding SSH and Web Interface from Brute-Force Attacks with Fail2ban

Proxmox has some well known ports open and a root user account that needs to be open for stuff to work right. This can lead to problems when trying to secure your Proxmox server here is one step you can take to help secure your server.

First we need to install Fail2ban

apt install fail2ban -y

Now it is time to start configuring fail2ban

nano /etc/fail2ban/jail.local

in this file we are going to load a config that will help us guard both the ssh port 22, and the Proxmox web interface on port 8006

port    = ssh
logpath = %(sshd_log)s
enabled = true

enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3 
# 1 hour
bantime = 3600

Fail2ban needs a filter to know what a bad login looks like on the web interface

nano /etc/fail2ban/filter.d/proxmox.conf
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

Once done we need to restart fail2ban

systemctl restart fail2ban

To see if the config is working


fail2ban-client status sshd

Web Interface

fail2ban-client status proxmox

Leave a Reply