查看登陆失败记录
sudo lastb -n 10

sudo apt install fail2ban

sudo vi /etc/fail2ban/jail.d/sshd.local

[sshd]
enable = true
maxretry = 5
findtime = 1m
bantime = 2400h
backend = systemd

开机启动:
sudo systemctl enable fail2ban
启动:
sudo systemctl start fail2ban
查看状态:
sudo systemctl status fail2ban

查看被ban的ip
sudo fail2ban-client status sshd
解除ip屏蔽
sudo fail2ban-client set sshd unbanip ***.***.***.***
日志位置:
/var/log/fail2ban.log

只能根据frps服务端的日志频率限制,防止爆破,因为ssh成功或失败的日志相同

在frp的服务端配置文件

sudo vi /etc/fail2ban/filter.d/frps-ssh-ban.conf

frp-ssh是frp客户端配置中的name字段

[Definition]

failregex = ^.*\[.*frp-ssh.*\] get a user connection \[<HOST>:[0-9]*\]
ignoreregex =

sudo vi /etc/fail2ban/jail.d/frp.local

[frps-ssh-ban]
enabled = true
findtime = 1m
maxretry = 3
bantime = 100d
filter = frps-ssh-ban
logpath = /var/log/frps.log
protocol = all
chain = all
port = all
action = iptables-allports[name=frp,protocol=tcp]

设置一分钟之内重复登陆3次,ban IP,不可设置成一分钟1次,不然登陆就被ban了,可根据情况调整次数