SSH Brute Force Protection
The first measure to take is to disable password authentication. If the server accepts only key-based logins, any connection that attempts password authentication fails automatically, which renders brute-force password attacks useless. To disable password authentication, set the following option in /etc/ssh/sshd_config:

    PasswordAuthentication no

In nano, Ctrl-W searches for the phrase; uncomment the line by removing the leading '#' and change its value. You have to set the option explicitly to 'no': a line that stays commented out leaves the compiled-in default (yes) in effect. The change takes effect when sshd is restarted, so keep an existing session open and confirm that key-based login works before you restart, or you can lock yourself out of the machine.

Then create the private and public key pair on the machine you connect from with:

    ssh-keygen

Follow the on-screen prompts and set a reasonably secure passphrase if you choose. Leaving the passphrase empty enables passwordless SSH login, with the caveat that anyone who obtains the private key file can then log in with it. Then transfer the public key to the machine you will be logging in to, i.e. the one running sshd, using 'scp'. For example:

    scp ~/.ssh/id_rsa.pub user@192.168.0.10:~/.ssh/authorized_keys

Replace user@192.168.0.10 with the account and address of your server (the address here is only an example). Note that scp overwrites an existing authorized_keys file; if the account already has keys installed, append the new one instead.

You can also block offending IP addresses with Fail2Ban. For more information about this automated brute-force prevention application, visit: http://www.bgevolution.com/blog/index.php/dos-and-brute-force-prevention-using-fail2ban/
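The point that the option must be set explicitly, worked through as an added example that is not part of the original post: a POSIX shell audit that reads an sshd_config the way sshd does (first occurrence wins, '#' lines are comments, settings after a Match line are per-block) and reports whether password authentication is really off. The two config files it checks are constructed for the demonstration, not taken from a real host.

```shell
#!/bin/sh
# Added example: audit an sshd_config the way sshd reads it, so that
# "PasswordAuthentication no" is really in effect before relying on it.
# Rules followed: keywords are case-insensitive, the FIRST occurrence
# wins, '#' lines are comments (a commented-out "#PasswordAuthentication yes"
# leaves the compiled-in default, which is yes), and settings after a
# "Match" line apply only to that block. Include and "key=value" are not handled.

# Print the effective global value of OPTION in FILE, or DEFAULT if unset.
sshd_global_option() {
    file=$1; option=$2; default=$3
    awk -v opt="$option" -v def="$default" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(opt) { print $2; found = 1; exit }
        END { if (!found) print def }            # never set: default applies
    ' "$file"
}

# Succeed (exit 0) only when password logins are explicitly switched off.
password_auth_disabled() {
    val=$(sshd_global_option "$1" PasswordAuthentication yes)
    [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" = "no" ]
}

# Constructed sample configs (demonstration files, not a real host's config).
write_sample_configs() {
    dir=$1
    # Only the default line is present, commented out: passwords still accepted.
    printf '%s\n' 'Port 22' '#PasswordAuthentication yes' \
        'PubkeyAuthentication yes' > "$dir/weak_sshd_config"
    # Explicitly "no" as the post instructs; the later Match block is per-user only.
    printf '%s\n' 'Port 22' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'Match User backup' '    PasswordAuthentication yes' > "$dir/hardened_sshd_config"
}

# Demo run: report on both sample files.
demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
for cfg in weak_sshd_config hardened_sshd_config; do
    if password_auth_disabled "$demo_dir/$cfg"; then
        echo "$cfg: OK, PasswordAuthentication is explicitly no"
    else
        echo "$cfg: WARNING, password authentication still accepted"
    fi
done
rm -r "$demo_dir"
```

On a live host, running sshd -T as root prints the fully resolved configuration, Include and Match processing included, and is the authoritative check to run before restarting the daemon.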
