# 编辑 ssh 配置文件
vim /etc/ssh/sshd_config
# sshd_config 文档内容
port 2222
# 注意还有英文冒号  w：保存 q：退出
:wq
# 重启 ssh
systemctl restart ssh

# 安装 fail2ban iptables vim  -y：自动选择yes
apt install fail2ban iptables vim -y
# 启动 fail2ban
systemctl start fail2ban
# 开启自启 fail2ban
systemctl enable fail2ban
# 查看 fail2ban 状态（出现绿色的字 active (running) 表示正常运行）
systemctl status fail2ban
# 创建并编辑 fail2ban 配置文件（.local文件会覆盖.conf相同参数的文件，所以只需要修改.local即可）
vim /etc/fail2ban/jail.local

[sshd]
enabled = true
port = 2222
findtime = 120m
maxretry = 3
bantime = 365d
ignoreip = 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 127.0.0.1/8 ::1
logpath = /var/log/auth.log
backend = %(sshd_backend)s



#重载生效
systemctl restart fail2ban

systemctl status fail2ban

fail2ban-client status sshd

# 检查日志
fail2ban-client status sshd
cat /var/log/fail2ban.log

# 解封 IP
fail2ban-client set sshd unbanip 127.0.0.1

# 封禁 IP
sudo fail2ban-client set sshd banip xxx.xxx.xxx.xxx