diff --git a/roles/base/tasks/firewall.yml b/roles/base/tasks/firewall.yml
index e21fb51..1d51846 100644
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@@ -23,6 +23,17 @@
 name: ssh
 rule: limit
 
+- name: Remove Fail2ban defaults-debian.conf
+ file:
+ path: /etc/fail2ban/jail.d/defaults-debian.conf
+ state: absent
+
+- name: Install OpenSSH's Fail2ban jail
+ template:
+ src: fail2ban-ssh.conf.j2
+ dest: /etc/fail2ban/jail.d/sshd.conf
+ notify: restart_fail2ban
+
 - name: Enable firewall
 ufw:
 state: enabled
diff --git a/roles/base/templates/fail2ban-ssh.conf.j2 b/roles/base/templates/fail2ban-ssh.conf.j2
new file mode 100644
index 0000000..8b7a8c1
--- /dev/null
+++ b/roles/base/templates/fail2ban-ssh.conf.j2
@@ -0,0 +1,3 @@
+[sshd]
+mode = aggressive
+enabled = true
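Review bot: The `Remove Fail2ban defaults-debian.conf` task in roles/base/tasks/firewall.yml does not notify the handler, so a run in which only that file is deleted (for instance if it reappears on the host later) leaves fail2ban running with the previously loaded jail set; add `notify: restart_fail2ban` to it, as the template task already has. The template task sets no ownership or permissions, so the mode of /etc/fail2ban/jail.d/sshd.conf depends on the remote umask; stating `owner: root`, `group: root` and `mode: "0644"` keeps the ban policy writable by root only. The restart_fail2ban handler and any task that installs or starts fail2ban are outside this hunk, so confirm the role defines them and that they run before these tasks.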
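Review bot: The new jail in fail2ban-ssh.conf.j2 sets only `mode` and `enabled`, so retry count, find time, ban time, backend and ban action all come from whatever defaults are present on the host, while the firewall.yml hunk deletes defaults-debian.conf, which on some Debian releases may also carry `[DEFAULT]` settings; check that file's contents on the target release before dropping it. `mode = aggressive` makes the sshd filter match more failure patterns than the normal mode, so stating `maxretry`, `findtime` and `bantime` explicitly, plus an `ignoreip` entry for the management network, would make the policy visible and reduce the chance of operators banning themselves. A first line `# {{ ansible_managed }}` would also tell anyone editing the file on the host that the role overwrites it.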