NetBSD-Users archive


help? fighting ssh user/password guessing attempts



Dear Group,

In my /var/log/authlog I can see many hackers attempting to get access to my system by trying arbitrary usernames. First of all I have disabled password authentication so valid users can only login with a key. Still I'd like to lock the respective hosts out, from where these attacks originate.

My research has brought up several programs / daemons that parse the authlog file at certain time intervals and adjust the firewall accordingly. Among them are fail2ban, DenyHosts, OSSEC, and BlockHosts.

I've also found PAM-af, which is available through pkgsrc: http://www.netbsd.org/packages/security/pam-af. If I understand correctly, this hooks immediately into the authentication framework and can repel attacks at the place where they get detected first. Although I have read Chapter 17 of the NetBSD Guide, http://www.netbsd.org/docs/guide/en/chap-pam.html, I don't really understand it. Which config files do I have to modify, and how? Are PAM and / or a firewall (which? - PF, IPFilter, iptables) enabled by default?

I still need more assistance in setting PAM-af up. Can somebody please help me or point out a howto? Does anybody have experience with PAM-af?

Kind Regards
Thomas
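
The log-parsing approach mentioned in the message above (scan the authlog, count failed attempts per source, hand the offenders to a firewall), as an added example that is not part of the original post and is not code from fail2ban, DenyHosts, OSSEC or BlockHosts. It assumes OpenSSH's `Invalid user NAME from ADDR [port N]` message format; the function names, the threshold and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not from the original post); addresses are from
# the RFC 5737 documentation ranges. The third line carries a crafted user name.
SAMPLE_AUTHLOG = """\
Mar  3 10:01:12 host sshd[411]: Invalid user admin from 203.0.113.7 port 40112
Mar  3 10:01:15 host sshd[413]: Invalid user oracle from 203.0.113.7 port 40120
Mar  3 10:01:19 host sshd[415]: Invalid user x from 198.51.100.20 from 203.0.113.7 port 40131
Mar  3 10:02:40 host sshd[420]: Accepted publickey for thomas from 198.51.100.20 port 51500 ssh2
Mar  3 10:03:02 host sshd[431]: Invalid user guest from 192.0.2.55
"""

# The user name is chosen by the remote side and may itself contain
# " from <addr>". The greedy (.*) makes the address come from the LAST
# "from" on the line, which is the part sshd wrote itself.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (.*) from (\S+)(?: port \d+)?\s*$")


def count_invalid_users(log_text):
    """Return a Counter mapping source address -> number of 'Invalid user' lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not a literal address: never pass it on to a firewall
        hits[str(addr)] += 1
    return hits


def hosts_to_block(log_text, threshold=3, never_block=()):
    """Addresses with at least `threshold` hits, minus an allow list."""
    allowed = {str(ipaddress.ip_address(a)) for a in never_block}
    hits = count_invalid_users(log_text)
    return sorted(a for a, n in hits.items()
                  if n >= threshold and a not in allowed)


if __name__ == "__main__":
    # One address per line, ready to be loaded into a firewall table.
    for addr in hosts_to_block(SAMPLE_AUTHLOG, never_block=["198.51.100.20"]):
        print(addr)
```

The allow list matters as much as the threshold: a parser that trusts the wrong part of the line can be made to block the administrator's own address.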
