While your SSH connection can be secure, you can still be susceptible to DDOS attacks on your server. Fail2ban is a service which helps mitigate these attacks.
Once you have logged in to your server we need to update your package index and install Fail2ban. We can do so by running the following.
sudo apt-get update
sudo apt-get install fail2ban
Once it’s installed, the service should start on it’s own and you should be good to go since it provides a default configuration profile.
The file “fail2ban.conf” contains your configuration profile. If you wish to do any changes, you should do them in “fail2ban.local”, this can be done by running.
cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
Once the copy has been made, you can edit the .local file and it will replace the settings in the .conf file while keeping the original one intact.