SSH brute force attack means cryptanalytic attack, that is used against any encrypted data. In the brute force attack, attackers scan for SSH daemons exposed to the Internet. The scans can be done by bots; usually automated scans target the regular SSH TCP 22 port. Assuming the TCP port22 is found open, service identification is attempted.

Block SSH brute force attack via two simple Iptables rule.

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP