In my experience, fail2ban does only help if there is a small number of IP addresses requests come from. I usually observed a trickle of requests from huge number of IP addresses, at most 1-2 request from each IP over the course of days.
tarpit will likely hurt yourself as the system ties up sockets for a long time and you'll run out eventually. You'd have to combine the tarpit with something to limit the number of connections you accept.
IMO, setting up ssh on another port has been useful, especially combined with port knocking. And of course turning off password auth.
tarpit will likely hurt yourself as the system ties up sockets for a long time and you'll run out eventually. You'd have to combine the tarpit with something to limit the number of connections you accept.
IMO, setting up ssh on another port has been useful, especially combined with port knocking. And of course turning off password auth.