There are a number of different packages out there to shut out IPs from which brute-force SSH attacks are launched on your system. For example:
What are the pros/cons of these, or any others?
My current solution is to take the email that logwatch generates every day and dump the egregious IP addresses into a text file which I feed into a script that then rebuilds iptables. It's hacky, time-consuming and manual, and I'd like a better way.
(Note that I didn't ask what was the "best" way to solve the problem, because there is no "best" way to do anything.)
Best Answer
I use DenyHosts, so I can at least answer for that:
Pros
Cons
I don't have any irreparable cons, as long as you use it correctly:
/etc/hosts.allow. I locked myself out once just failing at typing my password, and once somebody from work tried to log in to my root account as a joke and blacklisted my work IP, and it took me a few days to figure out why I suddenly couldn't connect to my network from work anymore.
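An added example, not part of the question or the answer and not DenyHosts' code: a sketch that automates the manual logwatch-to-iptables step from the question while honouring an allowlist so a trusted address (the work IP in the answer) is never blocked. The function names, the threshold, and the sample log are constructed; the regex assumes OpenSSH's "Failed password ... from IP port N ssh2" syslog line.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format, using documentation IP ranges.
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:11:05 host sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 02:11:09 host sshd[815]: Failed password for invalid user x from 192.0.2.44 port 1 from 203.0.113.7 port 40141 ssh2
Mar  3 08:30:12 host sshd[901]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 08:30:15 host sshd[901]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 08:30:25 host sshd[903]: Failed password for root from 198.51.100.20 port 51010 ssh2
Mar  3 08:31:02 host sshd[905]: Accepted password for alice from 198.51.100.20 port 51020 ssh2
Mar  3 09:00:00 host sshd[950]: Failed password for bob from 192.0.2.44 port 60000 ssh2
"""

# Greedy ".*" plus the end-of-line anchor means the LAST "from <ip> port" wins,
# so a username crafted to contain " from <ip> port" cannot get another host blocked.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(log_text, allow, threshold=3):
    """Return sorted IPs with >= threshold failed logins, skipping allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject anything that is not an IP
        except ValueError:
            continue
        if any(ip in net for net in nets):
            continue  # trusted address: never counted, never blocked
        hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)

def iptables_rules(ips):
    """Render one DROP rule per offender for the SSH port (22 is an assumption)."""
    return [f"iptables -A INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in iptables_rules(offenders(SAMPLE_LOG, allow=["198.51.100.0/24"])):
        print(rule)
```

The script only prints rules; review them before applying, and keep the allowlist in sync with whatever you put in /etc/hosts.allow.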