The readme plays a gif of " Out of the box detection" and bans ip. But after the installation there’ s a message saying it would not ban anything unless a bouncer is configured. My question is does it ban ssh IP after default installation?
Crowdsec itself provides the detection mechanism, but the counter measures are provided by the bouncers. If you want to ban IPs from ssh for example, you would need to use a bouncer such as the
cs-firewall-bouncer (that you can find on the hub : https://hub.crowdsec.net/browse/#bouncers)
So to answer your question : “My question is does it ban ssh IP after default installation?” : No, you need to install a bouncer for this to happen. If you only install crowdsec, it will only “detect” the attacks.