I'm surprised nobody mentions sshdfilter in these posts; apparently it's less popular. From
what I've heard it does about the same as denyhosts, using the sshd logs and iptables to block
Since installing it and switching to only-passkeys, and limiting the valid users with
AllowedUsers in sshd_config, I feel quite secure about having sshd on port 22, and I don't get
many attempts at all.
I'm not sure how valid the comment in the article is, about such an approach not working for a
botnet: sshdfilter typically blocks after the first invalid username, so only one attempt
comes through. If a thousand hosts tried at the same time this may indeed blow up.
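
The block-on-first-invalid-username behaviour discussed in this comment, as an added sketch (not part of the original comment and not sshdfilter's own code). It assumes the common OpenSSH "Invalid user ... from ..." log line and IPv4 sources; the function names and all sample log lines are constructed for illustration.

```python
import re

# Assumed OpenSSH log format for a login attempt with an unknown username,
# e.g. "... sshd[812]: Invalid user admin from 203.0.113.5 port 40022".
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def block_rules(log_lines, allowlist=frozenset()):
    """Return one iptables DROP rule (as an argv list) per source address,
    created at that address's first invalid-username attempt."""
    blocked = {}  # ip -> rule, insertion-ordered
    for line in log_lines:
        m = INVALID_USER.search(line)
        if m is None:
            continue  # successful logins and unrelated lines are ignored
        ip = m.group("ip")
        if ip in allowlist or ip in blocked:
            continue  # never block trusted hosts; one rule per address
        blocked[ip] = ["iptables", "-I", "INPUT", "-s", ip,
                       "-p", "tcp", "--dport", "22", "-j", "DROP"]
    return list(blocked.values())

# Constructed sample: one host guessing three usernames, plus a valid login.
SINGLE_HOST = [
    "Oct  3 12:00:01 gw sshd[812]: Invalid user admin from 203.0.113.5 port 40022",
    "Oct  3 12:00:02 gw sshd[813]: Invalid user test from 203.0.113.5 port 40023",
    "Oct  3 12:00:03 gw sshd[814]: Invalid user oracle from 203.0.113.5 port 40024",
    "Oct  3 12:00:09 gw sshd[815]: Accepted publickey for alice from 198.51.100.7 port 50110 ssh2",
]

def botnet_log(n):
    """Constructed sample: n distinct hosts, each making a single attempt."""
    return [
        f"Oct  3 12:01:00 gw sshd[{900 + i}]: Invalid user admin "
        f"from 10.0.{i // 250}.{i % 250 + 1} port 40000"
        for i in range(n)
    ]

if __name__ == "__main__":
    print(len(block_rules(SINGLE_HOST)), "rule for the single host")
    print(len(block_rules(botnet_log(1000))), "rules for the distributed case")
```

In the single-host case only the first guess gets through and one rule results; in the distributed case every host gets its one attempt and the rule table grows by one entry per host.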