Fail2Ban: locked out of own server

Regain access to a server after Fail2Ban bans your own IP address from the SSH jail.

Fail2Ban: locked out of own server
When Fail2Ban Produces This Error
What Causes Fail2Ban to Lock Out the Administrator
How to Fix a Fail2Ban Lockout
How to Verify the Fix

Fail2Ban: locked out of own server

Fail2Ban bans the administrator's own IP address from the SSH jail, preventing access to the server.

When Fail2Ban Produces This Error

The administrator cannot SSH into the server after multiple failed login attempts (mistyped password, wrong SSH key). Fail2Ban has banned their IP address.

What Causes Fail2Ban to Lock Out the Administrator

Fail2Ban treats all IP addresses equally. If the administrator's IP triggers maxretry failed authentication attempts within findtime, Fail2Ban bans it using the configured firewall action.

How to Fix a Fail2Ban Lockout

Access the server through an alternative method — the hosting provider's web console (VNC/KVM), a different IP address, or physical console access.

Unban the IP address:

sudo fail2ban-client set sshd unbanip 203.0.113.10

Add the administrator's IP to the whitelist to prevent future lockouts:
```
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 203.0.113.10
```
Restart Fail2Ban:
```
sudo systemctl restart fail2ban
```

How to Verify the Fix

Confirm the IP is whitelisted:

sudo fail2ban-client get sshd ignoreip