Hello, once in a while (say, every two weeks) I get a brute-force login/password scan attempt in my server (i.e., a single ip tries dictionary account names and passwords at random). SSH access is needed by many users, and (RSA/DSA key)-only access is, at present time, unwanted. So far none such attempt was lucky (to my knowlege), but it always gives me creeps when I see unusually big logwatch reports, and my contacts to sysadmins of originating networks are usually ignored.
Any ideas? Maybe there is a way to temporarily block ips upon such attempts (is this a FAQ?), or maybe divert them like what portsentry does for portscans?
