by opk 3703 days ago
It's interesting that "The transport protocol doesn’t cover who sends their banner first". It'd be good if I could configure my server to keep quiet until the client identifies itself as an SSH client. I run it on an unusual port and it gets scanned frequently. sshguard helps but I'd prefer it wasn't announcing to any client that it is an ssh server.

Sslh would give you this ability, if you're prepared to shim an extra program in front of your daemon; http://www.rutschle.net/tech/sslh.shtml
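As an added example that is not part of the thread or of sslh itself: a minimal shim in the same spirit, which reads the client's RFC 4253 identification line before a single byte goes back, so a scanner that connects and waits sees a silent port rather than an SSH banner. The backend address (sshd on 127.0.0.1:22) and the 5 second timeout are assumptions.

```python
# Added example, not code from the thread: an sslh-style shim that reads the client's RFC 4253
# identification line before sending anything back, so a scanner that connects and waits sees
# a silent port.  Backend address and timeout are assumptions; adjust for your host.
import re
import select
import socket

# RFC 4253 §4.2: "SSH-protoversion-softwareversion SP comments CR LF", at most 255 bytes.
_IDENT_RE = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)(?: ([\x20-\x7e]*))?\r?\n$")

def parse_ssh_ident(line: bytes):
    """Return (protoversion, softwareversion, comments) or None if the line is malformed."""
    m = _IDENT_RE.match(line) if len(line) <= 255 else None
    return None if m is None else tuple((g or b"").decode("ascii") for g in m.groups())

def classify_first_bytes(data: bytes) -> str:
    """'ssh' = complete identification line, 'partial' = keep reading, 'not-ssh' = drop."""
    if b"\n" not in data:                      # no complete line yet
        plausible = data.startswith(b"SSH-") or b"SSH-".startswith(data)
        return "partial" if plausible and len(data) < 255 else "not-ssh"
    return "ssh" if parse_ssh_ident(data.split(b"\n", 1)[0] + b"\n") else "not-ssh"

def relay(a: socket.socket, b: socket.socket) -> None:
    """Shuttle bytes both ways until either side closes."""
    while True:
        for s in select.select([a, b], [], [])[0]:
            data = s.recv(4096)
            if not data:
                return
            (b if s is a else a).sendall(data)

def handle_connection(conn: socket.socket, backend=("127.0.0.1", 22), timeout=5.0) -> bool:
    """Connect the peer to sshd only after a well-formed identification; otherwise close silently."""
    with conn:
        conn.settimeout(timeout)
        buf = b""
        try:
            while classify_first_bytes(buf) == "partial":
                chunk = conn.recv(256 - len(buf))
                if not chunk:                  # peer closed before identifying
                    break
                buf += chunk
            if classify_first_bytes(buf) != "ssh":
                return False                   # not one byte was sent to the peer
            with socket.create_connection(backend, timeout=timeout) as upstream:
                upstream.sendall(buf)          # replay the line we consumed
                relay(conn, upstream)
            return True
        except OSError:                        # timeout, reset, or backend down
            return False
```

To put it in front of sshd, listen on the unusual port with socket.create_server and pass each accepted socket to handle_connection; the real daemon never sees the connections that are dropped.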
"It'd be good if I could configure my server to keep quiet until the client identifies itself as an SSH client. I run it on an unusual port and it gets scanned frequently."

This is unpopular, but you could implement port knocking.

Now the rest of the world doesn't even see your sshd - on any port. I love the idea and have implemented it everywhere that it's practical.

sshguard is amazing, I routinely install it on any new servers. It comes with the standard Debian and derivatives' repositories.

After installation, simply type:

$ sudo apt-get -y install sshguard

And then edit the whitelist to include your local IP if you want;

$ sudo vim /etc/sshguard/whitelist
$ sudo service sshguard restart

How does sshguard compare to fail2ban?
I never used fail2ban: sshguard was simply what I came across first and it was easy to set up and worked as advertised. The Arch wiki states: "sshguard is different from the other two in that it is written in C, is lighter and simpler to use with fewer features while performing its core function equally well."