I get 1 failing SSH connection attempt per second from different IP. What can i do?
The DenyHosts package is one that is freely available and will block "bots" from attempting repeated attacks to your ssh port.
http://denyhosts.sourceforge.net/
Great software for blocking them.
Note: it's also included in many distros by default.
- You can install fail2ban. It serve exactly this purpose, blocking brute force attempts. It works with other servers like http/ftp/etc too.
- You can block the ip manually but this is more a temporary solution.
- You can change the SSH port as you suggest. Unless it is a requirement for you to run it on the standard port, this is a very good idea. Most attackers won't take time to find out if you have a public ssh server running and on what port, except maybe if the attack is targeted specifically at you.