Blocking SSH break-in attempts with fail2ban

While working on a test system running the CentOS 7 operating system, I noticed a lot of break-in attempts via Secure Shell (SSH) from various IP addresses. I saw the attempts to gain unauthorized access to the system when I issued the command journalctl -xe from the root account. The output of the journalctl command contained entries like the following:

Oct 23 22:27:42 moonpoint sshd[7312]: Failed password for root from 189.85.145.113 port 50222 ssh2

To list the IP addresses involved, I issued the command journalctl -xe | grep 'Failed password for root' to see just the entries logged with "Failed password for root" which I piped to the cut command to eliminate all but the IP addresses from the line. I used two cut commands, the first using the colon character as the delimter on the line, eliminating everything but the characters that occurred after the last colon on the line, and the second using a space as the delimiter and outputting only the IP address. I then piped the output from the cut command into the sort command to sort the output by IP address and then used the -c option with the uniq command to count the number of occurences of entries for each IP address. I saw the following output:

# journalctl -xe | grep 'Failed password for root' | cut --delimiter=: --fields=4 | cut -d ' ' -f 7 | sort | uniq -c
      6 107.189.31.223
      3 114.242.143.121
      7 122.11.148.38
      1 136.144.41.253
      7 161.35.23.213
     22 189.85.145.113
      7 205.185.122.239
      7 205.185.123.33
     18 221.131.165.65
      4 49.88.112.69
      4 65.21.50.45
     15 81.68.131.237
#

So I decided to install the Fail2Ban program to automatically block password attempts from particular IP addresses that have numerous failed logins via SSH in a short amount of time. I first checked if fail2ban was already installed with rpm -qi fail2ban, but found it wasn't installed, so I installed it with yum install fail2ban. I then configured and enabled Fail2Ban per the steps at Using fail2ban on a CentOS 7 system.