How can I block ssh brute force attempts in OS X 10.11?

macos ssh firewall

I've been researching opening up SSH like this on other *nix based systems, and most suggest two things. I'm sorry but I don't know how to do either on MacOS.

  • Fail2Ban - Which bans IPs that have too many failed login attempts
  • key rather than password based SSH logins. I believe you can take your key around with you if you want to use public machines.

Related

Add minor OS X update to existing El Capitan bootable Install USB
Configure sandbox permissions
Assigning icons system-wide based on filename without extension
Time Machine Encryption Specs
Limit what a tethered iPhone internet connection can be used for
Unable to change function keys like before
Boot Camp "Can't install the software" error
After restoring my iPhone from an iCloud backup, all my photos are greyed out. How can I get them back?
Why does my iPhone not have any audio during phone calls?
Mac storage usage
As part of "nuking it from orbit", is it safe to reinstall the OS using Recovery?
Signing an App that includes Java fails