$ sudo urpmi sshutout
"Fail2ban is an extensible Swiss-army knife of brute-force authentication prevention and it comes with an additional filters to detect other attempts to compromise your system. If you do nothing but install it, run it, keep it updated and turn on its filters for any services you run, especially SSH, you will be far better off than you were otherwise." -- Greg Bledsoe
$ sudo urpmi fail2ban
Once installed, it will be started automatically. The configuration file is located in /etc/fail2ban.conf.
Sshutout is Bill DuPree's system daemon that is intended to be run from the server startup script. It periodically monitors log files looking for multiple failed login attempts via the Secure Shell daemon (sshd, or optionally, sshd2). The daemon is meant to address what are known as "dictionary attacks" which are scripted, brute-force attacks that use lists of user names and passwords to attempt unauthorized intrusions. You can use chkconfig to start it.
$ sudo chkconfig --level 5 sshutout on
The sshutout GitHub page has some pretty good - but brief - documentation of its use. The complete documentation is found in /usr/share/doc/sshutout/sshutout.html after you have installed the application. The configuration file is found at /etc/sshutout.conf.
The daemon reads /var/log/messages to see what intruders might be afoot, so you must also install rsyslog or syslog-ng if your system uses sysctl to run system services.
Using fail2ban to Block Brute Force Attacks