Fail2ban


Fail2ban is another IP-banning mechanism to protect SSH.
It scans logs for attackers using regex, then bans them with firewall rules.

Generally, configure fail2ban by checking /etc/fail2ban/jail.conf for filters/options,
and defining them in /etc/fail2ban/jail.local.


WARNING:

fail2ban's documentation is a full major release behind, and its instructions don't entirely match the program.

Documentation

official docs https://www.fail2ban.org/wiki/index.php/MANUAL_0_8
arch wiki https://wiki.archlinux.org/index.php/Fail2ban

Tutorials

fail2ban 0.8/9 tutorial https://www.the-art-of-web.com/system/fail2ban-filters/

Notes

fail2ban install
fail2ban usage
fail2ban configuration