I do see more brute force attempts @ ssh these days and start wondering how much longer some script kiddie needs to make the algortihm a bit more clever (and eg attack user names on certain hosts which are likely to exist. This could be harvested eg from email addresses...).
I have hacked a script which tails /var/log/secure and reacts on attempts to log in as root with password. Such offending IPs are then denied port 22 access. Any comments, positive or negative, on this?
IMO:
Don't use port 22. Choose a 'random' high port. If that won't work for you, e.g. you need access to your machine from behind a customer's firewall that blocks most outgoing ports, use some other port that they do allow and is not commonly scanned.
Disable password authentication and use RSA, unless you really need to access your fedora from a system not known in advance. Think twice about that; the system could have a keystroke logger, etc.
If you only need SSH access from specific locations, allow only specific IPs (or if dynamic, small IP ranges) to connect.
Of course, promptly install any security patches for SSH.
I see no problem with your automatic blocking, as long as a valid user will not accidentally trigger it. For example, if you normally log in as root using RSA, and RSA authentication fails because of a transient technical problem, then the client might default to password authentication and trigger your block. That should not be a problem, if the account you connect to is not named 'root'.
--Stewart
