After suffering (noticing) an 8-hour brute force attack on my test box, I installed DenyHosts and put the box back on the street. So far, this little proggy has banished all further attacks, pronto. There are a couple of minor tweaks needed to get it going, but I've tried to document them.
Code:
##Installing and configuring DenyHosts##
$ cd /tmp
$ wget http://internap.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz
$ tar zxvf DenyHosts-2.6.tar.gz
$ cd DenyHosts-2.6
##As root
# python setup.py install
# cd /usr/share/denyhosts
# cp denyhosts.cfg-dist denyhosts.cfg
# nano denyhosts.cfg
####Make the needed changes to .cfg file
#comment out all options but the following:
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY =
BLOCK_SERVICE = sshd #Note you might want to change this one to: = ALL
DENY_THRESHOLD_INVALID = 2
DENY_THRESHOLD_VALID = 3
DENY_THRESHOLD_ROOT = 2
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/run/denyhosts.pid
#Optional settings can be set up to email you when denyhosts blocks an IP address.
####
# cp daemon-control-dist daemon-control
# nano daemon-control
####Make the needed changes to daemon
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
PYTHON_BIN = "/usr/bin/python"
####
# chown root daemon-control
# chmod 700 daemon-control
#### Next to start and set to start at next boot
# /usr/share/denyhosts/daemon-control start
# cd /etc/init.d
# ln -s /usr/share/denyhosts/daemon-control denyhosts
# update-rc.d denyhosts defaults
##########FINISHED############
To make sure DenyHosts is running, check the log (# cat /var/log/denyhosts). I have it set up to email me when an IP gets banished to the cornfield.
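
Added example, not part of the original post and not DenyHosts' own code: a simplified Python model of how the DENY_THRESHOLD_* values in the denyhosts.cfg above turn failed SSH logins in auth.log into /etc/hosts.deny entries. The log lines are constructed, the function names are hypothetical, and it assumes a host is denied once its failures exceed the threshold for that kind of login.

```python
import re
from collections import defaultdict

# Thresholds copied from the denyhosts.cfg in the post.
THRESHOLDS = {"invalid": 2, "valid": 3, "root": 2}

# Constructed auth.log sample (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jan 10 03:14:01 testbox sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 testbox sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jan 10 03:14:05 testbox sshd[2105]: Failed password for root from 198.51.100.23 port 51822 ssh2
Jan 10 03:14:06 testbox sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40131 ssh2
Jan 10 03:14:08 testbox sshd[2109]: Failed password for root from 198.51.100.23 port 51830 ssh2
Jan 10 03:14:09 testbox sshd[2111]: Failed password for alice from 192.0.2.50 port 60001 ssh2
Jan 10 03:14:11 testbox sshd[2113]: Failed password for root from 198.51.100.23 port 51841 ssh2
Jan 10 03:14:12 testbox sshd[2115]: Failed password for alice from 192.0.2.50 port 60002 ssh2
Jan 10 03:14:14 testbox sshd[2117]: Failed password for alice from 192.0.2.50 port 60003 ssh2
Jan 10 03:14:20 testbox sshd[2119]: Accepted password for alice from 192.0.2.50 port 60004 ssh2
"""

# Anchored at end of line so the address comes from sshd's trailing field,
# not from anything inside the attempted user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def hosts_to_deny(log_text, thresholds=THRESHOLDS):
    """Return IPs, in order of blocking, whose failures exceed a threshold."""
    counts = defaultdict(int)  # (ip, kind) -> failed attempts seen so far
    denied = []
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue  # successful logins and unrelated lines are ignored
        kind = "invalid" if m["invalid"] else "root" if m["user"] == "root" else "valid"
        key = (m["ip"], kind)
        counts[key] += 1
        # Assumption: deny once the count exceeds (not merely reaches) the limit.
        if counts[key] > thresholds[kind] and m["ip"] not in denied:
            denied.append(m["ip"])
    return denied

def hosts_deny_lines(denied, service="sshd"):
    """Format entries the way BLOCK_SERVICE = sshd lists them in hosts.deny."""
    return [f"{service}: {ip}" for ip in denied]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

With the post's thresholds, the host that failed three times against a real account stays unblocked, which shows how much slack DENY_THRESHOLD_VALID = 3 leaves for mistyped passwords.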