The article fails to cover the standard PAM module pam_tally. It temporarily locks an account that is being attacked and is very simple to configure. On my Debian server I put
in /etc/pam.d/common-account:
account required pam_tally.so
in /etc/pam.d/common-auth:
auth required pam_tally.so deny=5 unlock_time=300
That will lock an account being attacked for 300 seconds if the password fails 5 times. It is effective for all services using PAM authentication, like IMAP and authenticated SMTP. Just warn users that they will have to wait 5 minutes if they fail to log in 5 times.
Also, with any brute force attack countermeasure, in a multi-user system one must be sure that passwords are strong (if some user chooses their own username as the password, chances are that the account will be cracked in a single try). One cannot rely on advising people to be responsible. Therefore, password cracking tools like John the Ripper are very useful. That should be covered in the article too.
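To make the effect of the deny=5 / unlock_time=300 setting concrete, here is an added example (not part of the comment, and not the pam_tally module itself): a small Python model of the counter and lockout window that parses the auth line quoted above. It assumes pam_tally's default behaviour that a successful login resets the tally and that every attempt made while locked counts as another failure; the user name and timestamps are constructed.

```python
import re

# Added example: a model of pam_tally's deny=/unlock_time= policy, written to
# reason about the user-visible behaviour offline. It is NOT pam_tally's code.

PAM_AUTH_LINE = "auth required pam_tally.so deny=5 unlock_time=300"  # from the comment


def parse_pam_tally_options(line):
    """Return (deny, unlock_time) parsed from a pam_tally auth line (None if absent)."""
    opts = {m.group(1): int(m.group(2)) for m in re.finditer(r"(\w+)=(\d+)", line)}
    return opts.get("deny"), opts.get("unlock_time")


class TallyModel:
    """Per-account failure counter with a time-limited lockout, modelled on pam_tally."""

    def __init__(self, deny, unlock_time):
        self.deny = deny
        self.unlock_time = unlock_time
        self.tally = {}      # user -> consecutive failure count
        self.last_fail = {}  # user -> time of the most recent failure

    def attempt(self, user, password_ok, now):
        """Return True if the login at time `now` is allowed, False if denied.

        The account is locked once tally >= deny and fewer than unlock_time
        seconds have passed since the last failure. While locked, even a
        correct password is refused and the failure time is refreshed, so the
        window restarts; a correct password on an unlocked account resets the tally.
        """
        tally = self.tally.get(user, 0)
        locked = tally >= self.deny and now - self.last_fail.get(user, now) < self.unlock_time
        if locked or not password_ok:
            self.tally[user] = tally + 1
            self.last_fail[user] = now
            return False
        self.tally[user] = 0
        return True


def scenario():
    """Walk through the comment's numbers: 5 failures, then a 300 s lock (constructed timeline)."""
    deny, unlock = parse_pam_tally_options(PAM_AUTH_LINE)
    model = TallyModel(deny, unlock)
    fails = [model.attempt("alice", False, t) for t in range(5)]  # wrong password at t=0..4
    locked = model.attempt("alice", True, 5)                      # right password, but locked
    after_window = model.attempt("alice", True, 5 + unlock)       # 300 s after last failure
    return fails, locked, after_window
```

Because each attempt made during the lock refreshes the window, an attacker who keeps guessing keeps the legitimate user locked out of IMAP and SMTP as well; that availability trade-off is what the warning to users is about.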