If you run a Unix server on the Internet, your server will, eventually, be hit by either a script kiddie or a botnet which will try to guess SSH passwords in order to gain access to your system. Here are a number of resources and methodologies to block frequent brute force SSH attempts on your server(s).
Use IP Tables (Our Preferred Method)
We assume you have basic knowledge of iptables and the Unix command line. If you don’t, be careful, as you can easily lock yourself out of your own server!
Option #1: Use iptables to allow SSH access only from known static subnets/hosts. If you want access to your server from a dynamic IP address, for example your hotel room or your cell phone internet connection, this is not an option. You can also block IP addresses from countries that you are experiencing problems with. A country IP address database is available at http://www.ipdeny.com/ipblocks/
Option #2: Dynamically ban using iptables. The idea here is to set a rate of failures, and if that rate is exceeded, the IP address is dynamically banned for a period of time.
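As an added illustration of the dynamic ban idea (this is not the ruleset from this page), the script below prints iptables commands that use the recent match to drop a source that opens too many new SSH connections in a time window, with trusted sources accepted first. The chain name SSH_GUARD, the list name ssh_guard, the 4-per-60-seconds limit and the addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; nothing is applied here.
# SSH_GUARD and ssh_guard are hypothetical names chosen for this sketch.

# gen_ssh_guard HITS WINDOW [TRUSTED_IPV4_OR_CIDR...]
# The HITS-th new SSH connection from one source inside WINDOW seconds is
# dropped, and the source stays blocked until its rate falls below the limit.
gen_ssh_guard() {
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_ssh_guard HITS WINDOW [TRUSTED_CIDR...]" >&2
        return 1
    fi
    hits=$1; window=$2; shift 2
    for n in "$hits" "$window"; do
        case "$n" in
            ''|*[!0-9]*) echo "HITS and WINDOW must be whole numbers" >&2; return 1 ;;
        esac
    done
    # xt_recent remembers 20 packets per address by default (ip_pkt_list_tot),
    # so a larger --hitcount is rejected unless that module option is raised.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ] || [ "$window" -lt 1 ]; then
        echo "HITS must be 1-20 and WINDOW at least 1" >&2
        return 1
    fi
    # Check every trusted source before printing anything: the output is meant
    # to be run as root, so only digits, dots and a slash are let through.
    for cidr in "$@"; do
        case "$cidr" in
            ''|*[!0-9./]*) echo "not an IPv4 address or CIDR: $cidr" >&2; return 1 ;;
        esac
    done

    echo "iptables -N SSH_GUARD"
    # Trusted sources are accepted first, so they are never counted or banned.
    for cidr in "$@"; do
        echo "iptables -A SSH_GUARD -s $cidr -j ACCEPT"
    done
    # Record each new connection from anyone else, then drop at the limit.
    # iptables sees connection attempts, not login failures, so the count is
    # a stand-in for failed logins.
    echo "iptables -A SSH_GUARD -m recent --name ssh_guard --set"
    echo "iptables -A SSH_GUARD -m recent --name ssh_guard --update --seconds $window --hitcount $hits -j DROP"
    # Only NEW connections to port 22 enter the chain; packets it does not
    # accept or drop return to INPUT and meet the existing rules.
    echo "iptables -I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_GUARD"
}

# Constructed sample values; 192.0.2.0/24 and 198.51.100.7 are documentation addresses.
gen_ssh_guard 4 60 192.0.2.0/24 198.51.100.7
```

Read the printed commands before running them as root, and apply them from a session you can recover from, such as a console, so that a mistake does not lock you out.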
To create a whitelist for known good static IP addresses or IP ranges, just add a line similar to this above the rulesets below: