Denyhosts is your friend to stop ssh login attempts
Friday, May 23rd, 2008
If you have a few linux servers that for whatever reason you have to leave open to ssh into on the standard port 22, denyhosts is a great way to get rid of the annoying daily logwatch email logs showing some losers somewhere have been spending all day doing a denial of service trying to brute-force attack their way in to ssh. Better ways are just to not even let ssh be accessible to non-legit IPs as well as disable ssh logins except for a couple of valid users, but in the case of mobile devices, locations, etc. you just sometimes need to have the ability to ssh into servers anywhere and other services might be dependent on the default port number, so changing it to get it out of the range of the script-kiddie or russian mafia is just not an option. It is one thing to have secure passwords, keys, etc. but just the fact they continue to bang on your servers can really rack-up bandwidth and annoyance.
Denyhosts is written in python and works with your logs to (based on your settings) inhibit attempts once thresholds you configure are met on login attempts. Really cool.
http://denyhosts.sourceforge.net
I have tested on ubuntu and centos and works great. The default configs are basically ready for centos/fedora/redhat out of the rpm or from source.