I noticed a serious pressure from various external users that tried to log into my sshd using a lot of different invalid user names, so I decided to look for a tool keeping those a bit further apart. I came across a version of sshd_sentry.pl from 2004. I had to do some slight updates to make it work on a current debian machine, the script can be found at sshd_sentry.pl. After that file is adjusted to local use by setting some values on some of the first lines, it can be saved in /usr/local/sbin and automatially started using sshd_sentry
The script looks for multiple failed login attempt or login attempt by suspicious user names and adds the host to hosts.deny.