I think the ideas suggested so far all have their advantages, but
wanted to suggest one more that I use. If only allowing key based
authentication is not an option I only allow two login attempts per
minute(via iptables). So the scripts time out when trying to run
against my server, and they usually give up and move on. You may also
want to use john the ripper to enforce decent passwords among your users.
Also always keep your ssh server(and PAM) up to date with the newest
security patches.
Kyle
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/