Quick and simple protection from login attacks for SSH
Using just open source tools and a few tweaks, it is possible to detect and block suspicious login attempts.
by Daniel Bachfeld
Many people who run servers with SSH access and password authentication get butterflies when it comes to security. If a glance at the server logs shows high volumes of failed logins by automated scripts, it's natural to wonder whether a carefully selected password is going to be adequate to fend off future brute force attacks. Recent attacks on a number of security sites illustrate that the people who run them don't always take their own advice.
Simple measures can repel repeated cracking attempts. There are tools available which count failed logins from specific IP addresses and block further access once a set threshold is reached. These tools utilise a range of approaches for dealing with unwanted attention.
Check h-online for full tutorial