Re: It is happening now
fail2ban Sidenote: You might want to adjust the ban times/attempts to be stricter than the default. An attacker could do a dictionary attack in a reasonable time-frame (weeks/months) by rate limiting the attempts to be slightly looser than the default ban triggers. Especially if you set-and-forget.
Not that the readers here would ever have dictionary-able passwords. (blah blah ssh keys) It just gets annoying with the added noise in the log files - you do check the logfiles, right?