diff --git a/xml/security_ssh.xml b/xml/security_ssh.xml
index 2c11950c33..f78a050e12 100644
--- a/xml/security_ssh.xml
+++ b/xml/security_ssh.xml
@@ -1829,6 +1829,21 @@ cd path                            Change remote directory to 'path'
       works on authentication log files and by default it scans files such as <filename>/var/log/auth.log</filename>,
       <filename>/var/log/apache/access.log</filename>, etc.
     </para>
+    <procedure>
+      <title>Using <emphasis>Fail2Ban</emphasis> to stop a SSH brute force attack</title>
+      <step><para>To install <emphasis>Fail2Ban</emphasis>, execute: </para>
+        <screen>&prompt.root;sudo zypper -n in fail2ban firewalld </screen>
+      </step>
+      <step><para>When you install <emphasis>Fail2Ban</emphasis>, a default configuration file
+        <filename>jail.conf</filename> is also installed. This file gets overwritten
+        when you upgrade <emphasis>Fail2Ban</emphasis>. To retain any customizations
+        you make to the file, you can copy the <filename>jail.conf</filename> file to
+        another file called <emphasis>jail.local</emphasis>. Both files are automatically read by
+        <emphasis>Fail2Ban</emphasis>.
+      </para>
+      <screen>&prompt.root;cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local</screen>
+    </step>
+    </procedure>
   </sect2>
   </sect1>
 </chapter>