How many attempts to log into your web server daily?


jeffatrackaid - 11:22 pm on Jan 14, 2009 (gmt 0)


If you can limit access via iptables, then you can block all of this. Most versions of SSH use TCP wrappers, so you can use /etc/hosts.allow and /etc/hosts.deny if you are not comfortable using iptables.

Also there are some options within SSH itself that can help.

MaxAuthTries #

This limits the number of password attempts per connection. For a brute-force attack a low number means the attacker has to initiate another connection to the server. This slows down the attack.

You could switch to key only authentication and disable passwords completely.

Lastly, there are tools such as DenyHosts, which can auto-block offending IP addresses:
[denyhosts.sourceforge.net...]

I recently saw a PAM module that did the same thing. I need to dig up the link. I like the PAM module as it is relatively transparent to most applications and protects SSH as well as other systems that use PAM authentication.
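
To illustrate the points in the post above, here is an added example (not part of the original post and not DenyHosts' own code) that counts failed SSH password attempts per source address, shows how many connections the attempts were spread over (the effect a low MaxAuthTries has), and prints TCP-wrappers deny entries for sources over a threshold. The log lines are constructed samples in the usual OpenSSH syslog format, and the threshold of 5 and the function names are assumptions.

```python
import re
from collections import defaultdict

# Matches OpenSSH "Failed password" syslog lines, including the
# "invalid user" variant; captures the sshd PID, user and source IP.
FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
Jan 14 23:01:12 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 14 23:01:14 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 14 23:01:16 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 14 23:01:20 web1 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 51301 ssh2
Jan 14 23:01:22 web1 sshd[2215]: Failed password for invalid user oracle from 203.0.113.7 port 51301 ssh2
Jan 14 23:04:02 web1 sshd[2290]: Failed password for jeff from 198.51.100.4 port 40112 ssh2
Jan 14 23:04:09 web1 sshd[2291]: Accepted publickey for jeff from 198.51.100.4 port 40113 ssh2
"""

def summarize(log_text):
    """Return {ip: {"failures": n, "connections": n, "users": set}}."""
    stats = defaultdict(lambda: {"failures": 0, "pids": set(), "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[m["ip"]]
        entry["failures"] += 1
        entry["pids"].add(m["pid"])  # approximation: one sshd PID per connection
        entry["users"].add(m["user"])
    return {ip: {"failures": e["failures"], "connections": len(e["pids"]),
                 "users": e["users"]} for ip, e in stats.items()}

def hosts_deny_lines(summary, threshold=5):
    """TCP-wrappers entries for sources at or above the failure threshold."""
    return [f"sshd: {ip}" for ip, s in sorted(summary.items())
            if s["failures"] >= threshold]

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, s in sorted(summary.items()):
        print(ip, s["failures"], "failures over", s["connections"], "connections")
    print("\n".join(hosts_deny_lines(summary)))
```

The per-connection count is an approximation, since PIDs can be reused over a long log.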


Thread source:: http://www.webmasterworld.com/linux/3800859.htm