I'm sure most people have seen tons of invalid SSH login attempts by some fairly new cracking program that guesses user IDs and passwords. The problem is getting worse and more frequent. I was wondering if there is any way to configure SSH to block an IP after a certain number of invalid logins, for a certain amount of time (i.e. after 5 bad logins, block the IP for an hour). Or maybe there is an IDS that can do that? I looked at Snort and can't find anything about SSH.

BTW, I'm aware of other ways to make SSH more secure, like not allowing password authentication and only allowing RSA/DSA keys, changing the port SSH listens on, port knocking, etc. I just thought that automatic IP blocking, like I ask about above, would be a good idea under some circumstances.

- BS
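
The policy asked about above (5 bad logins, then a one-hour block), as an added example that is not part of the original post: it scans sshd "Failed password" syslog lines and works out which addresses to block and until when. The 10-minute counting window, the `year` default, the name `plan_blocks` and the sample log lines are assumptions constructed for illustration; pushing the result into a firewall is left to the reader.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                      # from the post: 5 bad logins
BLOCK_FOR = timedelta(hours=1)        # from the post: block for an hour
WINDOW = timedelta(minutes=10)        # assumption: failures must fall in this span

# OpenSSH "Failed password" syslog line; "invalid user" marks unknown accounts.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def plan_blocks(lines, year=2024):
    """Return [(ip, block_start, block_end)] for IPs that hit the threshold."""
    recent = defaultdict(deque)       # ip -> timestamps of recent failures
    blocked_until = {}                # ip -> time its current block expires
    blocks = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                  # not a failed password attempt
        stamp, ip = m.groups()        # syslog stamps carry no year, so add one
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ip in blocked_until and when < blocked_until[ip]:
            continue                  # already blocked at this point in the log
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:   # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            blocked_until[ip] = when + BLOCK_FOR
            blocks.append((ip, when, blocked_until[ip]))
            q.clear()                 # start counting afresh after the block
    return blocks

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = [
    f"Jan 10 03:14:0{i} host sshd[100{i}]: Failed password for invalid user "
    f"test{i} from 203.0.113.5 port 4{i}000 ssh2" for i in range(1, 7)
] + [
    "Jan 10 03:15:00 host sshd[2001]: Failed password for root from 198.51.100.7 port 5000 ssh2",
    "Jan 10 03:20:00 host sshd[2002]: Accepted publickey for alice from 198.51.100.7 port 5001 ssh2",
    "Jan 10 04:30:00 host sshd[3001]: Failed password for root from 203.0.113.5 port 6000 ssh2",
]

if __name__ == "__main__":
    print(plan_blocks(SAMPLE))
```

On the sample, only 203.0.113.5 is blocked, starting at its fifth failure; its later attempt at 04:30 falls after the hour has expired and starts a fresh count.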