Using IPTABLES, it is possible to monitor and deny SSH access to prevent brute-force attempts.
The simple rules below monitor new SSH connections, and if multiple unsuccessful login attempts are made, the IP will be blocked by IPTABLES for a period of 5 minutes.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force_attack: "
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 300 --hitcount 4 --rttl --name SSH -j DROP
To adjust the timings or login attempts, --hitcount should be n+1, where n is the number of permitted attempts, and --seconds on line 3 is the period for which the IP is disabled.
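
To check a choice of --hitcount and --seconds before loading it on a live firewall, the following added example (not part of the original page) models the three rules in Python. It is a simplified model that treats every attempt as a NEW connection with an unchanged TTL; the names RULES, simulate and verdicts are illustrative, and the sample addresses are constructed.

```python
from collections import defaultdict

# The page's three rules, in order: (action, seconds, hitcount).
# "set" stands for rule 1 (--set); "log" and "drop" are the --update rules.
RULES = [("set", None, None), ("log", 60, 4), ("drop", 300, 4)]


def simulate(attempts, rules=RULES):
    """Return (time, src, verdict, logged) for each new connection.

    attempts: iterable of (time_in_seconds, source_ip), in time order.
    Simplified model of -m recent: --set and every matching --update
    record one timestamp for the source; --update matches when at least
    `hitcount` timestamps fall inside the last `seconds`. --rttl and the
    kernel's limit on stored timestamps are not modelled.
    "PASS" means "not dropped by these rules", not an explicit ACCEPT.
    """
    seen = defaultdict(list)  # source ip -> recorded timestamps
    results = []
    for now, src in attempts:
        verdict, logged = "PASS", False
        for action, seconds, hitcount in rules:
            stamps = seen[src]
            if action == "set":
                stamps.append(now)
                continue
            recent = sum(1 for t in stamps if now - t <= seconds)
            if recent < hitcount:
                continue  # rule does not match, nothing is recorded
            stamps.append(now)  # a matching --update refreshes the entry
            if action == "log":
                logged = True
            else:
                verdict = "DROP"
                break
        results.append((now, src, verdict, logged))
    return results


def verdicts(attempts, rules=RULES):
    """Only the PASS/DROP column of simulate()."""
    return [row[2] for row in simulate(attempts, rules)]


if __name__ == "__main__":
    # Constructed sample: one client retrying, then returning after a quiet spell.
    sample = [(t, "198.51.100.7") for t in (0, 10, 20, 30, 40, 100, 500)]
    for row in simulate(sample):
        print(row)
```

In the sample run the fourth connection is the first one dropped, retries made while blocked stay dropped, and the client passes again only after the window has gone quiet.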