I like simple solutions.
My sshd daemon is constantly hammered by script kiddies using random dictionary attacks.
One simple way to prevent most of them is to change the port sshd listens on, or to use an unusual port mapping.
I don’t really like that, however. Don’t ask me why; it probably has something to do with my bad memory. I keep forgetting those ports.
Two other simple mechanisms which you could implement are:
1) Restrict the allowed user accounts, especially if you don’t have a very common username like Jack or John:
AllowUsers secretuser [email protected]*
By adding the IP address, you only allow login from that particular IP address for that particular user.
2) Restrict the number of tries for password guessing:
MaxStartups 10:30:60
From the manpages:
Specifies the maximum number of concurrent unauthenticated connections to the sshd daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the three colon separated values “start:rate:full” (e.g., “10:30:60”). sshd will refuse connection attempts with a probability of “rate/100” (30%) if there are currently “start” (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches “full” (60).
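To see what 10:30:60 does at different load levels, here is an added example (not part of the original post and not OpenSSH code) that models the random early drop rule exactly as the manpage excerpt words it. The function names are hypothetical, and treating a single value as a hard cap is an assumption taken from the first paragraph of the excerpt.

```python
# Added example: models the MaxStartups "start:rate:full" rule as the manpage
# excerpt describes it. Function names are hypothetical; this is not sshd code.

def parse_max_startups(value):
    """Parse 'N' or 'start:rate:full' into a (start, rate, full) tuple."""
    parts = value.strip().split(":")
    try:
        nums = [int(p) for p in parts]
    except ValueError:
        raise ValueError(f"non-numeric MaxStartups value: {value!r}") from None
    if len(nums) == 1:
        # Assumption: a single value is a hard cap with no random early drop.
        start, rate, full = nums[0], 100, nums[0]
    elif len(nums) == 3:
        start, rate, full = nums
    else:
        raise ValueError("expected 'N' or 'start:rate:full'")
    if start < 1 or start > full or not 1 <= rate <= 100:
        raise ValueError(f"inconsistent MaxStartups value: {value!r}")
    return start, rate, full


def drop_probability(unauthenticated, start, rate, full):
    """Chance (0.0 to 1.0) that a new connection attempt is refused."""
    if unauthenticated < start:
        return 0.0          # below "start": nothing is dropped
    if unauthenticated >= full:
        return 1.0          # at "full": everything is refused
    # rate% at "start", rising linearly to 100% at "full"
    percent = rate + (100 - rate) * (unauthenticated - start) / (full - start)
    return percent / 100


if __name__ == "__main__":
    start, rate, full = parse_max_startups("10:30:60")
    for n in (5, 10, 20, 35, 50, 59, 60):
        p = drop_probability(n, start, rate, full)
        print(f"{n:3d} unauthenticated connections -> {p:.0%} refused")
```
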
Read more at this blog entry at ap-lawrence.