Brute-force attacks on user passwords via SSH work because SSH does not limit the number of simultaneous connections. If you use SSH and Screen to manage your host, you will most likely never need more than three connections:
- One connection for the Screen session.
- One connection to transfer files with SCP.
- And a spare connection, in case your Screen connection hangs or you need another simultaneous file transfer.
The following rule drops any new SSH connection attempt (TCP SYN to port 22) from a source address that already has more than three connections open (`--connlimit-mask 32` counts per individual IPv4 address):

```sh
iptables -I INPUT 1 -p tcp --syn --dport 22 \
    -m connlimit --connlimit-above 3 --connlimit-mask 32 \
    -j DROP
```
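As an added example (not part of the original page), the script below applies the same limit idempotently: it only inserts a rule when `iptables -C` says it is not already there, adds a rate-limited LOG rule ahead of the DROP so rejected excess connections are visible in the kernel log, and repeats the setup with ip6tables. The function names, the log prefix and the choice of a /64 mask for IPv6 are my own assumptions.

```shell
#!/bin/sh
# Added example: idempotent SSH connection-limit rules for iptables/ip6tables.
# Assumptions (not from the original page): rules go into INPUT, a LOG rule is
# placed before the DROP for detection, IPv6 sources are counted per /64.

SSH_PORT=22
MAX_CONN=3

# Print the match portion of the rule for the given address family ("4" or "6").
# IPv4 hosts are counted individually (/32); a single IPv6 host commonly owns a
# whole /64, so that prefix is used as the counting unit there.
connlimit_match() {
    family="$1"
    if [ "$family" = "6" ]; then mask=64; else mask=32; fi
    printf '%s' "-p tcp --syn --dport $SSH_PORT -m connlimit --connlimit-above $MAX_CONN --connlimit-mask $mask"
}

# Insert a rule at the top of INPUT only if an identical rule is not already
# present (checked with -C). First argument is the tool (iptables/ip6tables),
# the rest is the rule specification. Returns non-zero if the tool fails.
ensure_rule() {
    tool="$1"; shift
    if ! "$tool" -C INPUT "$@" 2>/dev/null; then
        "$tool" -I INPUT 1 "$@"
    fi
}

apply_ssh_connlimit() {
    for family in 4 6; do
        if [ "$family" = "6" ]; then tool=ip6tables; else tool=iptables; fi
        command -v "$tool" >/dev/null 2>&1 || continue
        # shellcheck disable=SC2046  # word splitting of the match string is intended
        set -- $(connlimit_match "$family")
        # DROP is inserted first at position 1; the LOG rule is then inserted at
        # position 1 as well, so it ends up ahead of the DROP and fires first.
        ensure_rule "$tool" "$@" -j DROP || return 1
        ensure_rule "$tool" "$@" -m limit --limit 6/min \
            -j LOG --log-prefix "SSH_CONNLIMIT: " || return 1
    done
}
```

Run `apply_ssh_connlimit` as root; re-running it is safe because existing rules are detected and skipped.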