A few weeks ago a guy on a mailing list I'm on asked if there was a way to lock out users who generate too many failed SSH logins. You see, there's a worm going around that tries to guess passwords and break in to your machine. There's not a lot you can do if your users have poorly chosen passwords. Well, now there is.

I've written a script in Perl to watch a log file and look for failed login attempts. I've been running it on my home server for a while and it's working great.

The latest version is 0.3.0 (older versions here). There's not a lot in the way of documentation at this point. The sample config file is commented pretty well, so start there.