diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix index ebcceba..aedf297 100644 --- a/machines/storage01/_configuration.nix +++ b/machines/storage01/_configuration.nix @@ -3,6 +3,7 @@ lib.extra.mkConfig { enabledModules = [ # List of modules to enable + "dgn-fail2ban" "dgn-web" ]; @@ -17,6 +18,8 @@ lib.extra.mkConfig { ]; extraConfig = { + dgn-fail2ban.jails.sshd-preauth.enabled = true; + dgn-hardware.useZfs = true; dgn-runners.enable = true; diff --git a/modules/dgn-fail2ban/jails.nix b/modules/dgn-fail2ban/jails.nix index ec87fd6..8562f6c 100644 --- a/modules/dgn-fail2ban/jails.nix +++ b/modules/dgn-fail2ban/jails.nix @@ -68,6 +68,18 @@ _: { }; }; + sshd-preauth = { + filter.Definition = { + failregex = "Received disconnect from port .* Bye Bye \\[preauth\\]$"; + journalmatch = "_SYSTEMD_UNIT=sshd.service"; + }; + + settings = { + findtime = 600; + maxretry = 1; + }; + }; + sshd-timeout = { filter.Definition = { failregex = "fatal: Timeout before authentication for .*$";
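Review bot: The new `sshd-preauth` failregex in `jails.nix` leaves everything between `port` and `Bye Bye` as `.*` and has no start anchor, while the disconnect reason sshd logs is text supplied by the remote client, so a loose match on client-influenced log text can end up attributing the failure to the wrong address. As rendered here the pattern also shows no `<HOST>` tag between `from` and `port` (it may simply have been lost when the page was extracted, since the neighbouring `sshd-timeout` pattern looks the same), and fail2ban needs one to know which address to ban. I would tighten the tail to the fixed sshd format, e.g. `failregex = "Received disconnect from <HOST> port \\d+:\\d+: Bye Bye \\[preauth\\]$";`, and anchor the start if this module's filters can use the common prefix definitions. With `maxretry = 1` a single matching line bans, so a short comment such as `# one hit is enough: this message is only seen from scanners` and a check that admin networks are covered by `ignoreip` before the jail is enabled on storage01 would help. The jail attribute set in `jails.nix` starts and ends outside the hunk, so module-level defaults such as `bantime` are not visible here.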