I'm seeing a lot of failed logins for random users in the auth.log lately -- something trying out a list of 10-20 username/password combinations over ssh. Is there a simple way to dynamically block hosts with too many (more than six) failed ssh logins in a row? chris.