OpenSSH 9.8 introduces the PerSourcePenalties feature, which lets servers block client addresses that fail authentication, repeatedly connect without authenticating, or crash the server. The feature is useful for blocking rapid SSH attackers and gives more precise control than traditional methods. However, it may affect health checks that rely on SSH responses; the default refusal duration is one second. The feature aims to slow down attackers without requiring additional configuration, which makes it a valuable addition to OpenSSH. As users explore its practical implications, caution is advised before adjusting penalty durations based on individual experiences.
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHPerSourcePenaltiesThings
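
For the health-check caveat above, an added sshd_config example (not taken from the linked post or from the OpenSSH project): exempt the monitoring source instead of switching penalties off. The addresses are constructed placeholders from documentation ranges, and the example assumes the health checker connects from fixed addresses.

```sshd_config
# /etc/ssh/sshd_config fragment for OpenSSH 9.8 or later.

# Weak fix: silences health-check failures, but also removes the
# slowdown for every attacking source.
#PerSourcePenalties no

# Preferred: leave PerSourcePenalties at its built-in settings and
# exempt only the hosts that probe the SSH port.
# 192.0.2.10 and 2001:db8::10 are constructed placeholder addresses;
# replace them with the real monitoring sources.
PerSourcePenaltyExemptList 192.0.2.10/32,2001:db8::10/128

# Keep the list narrow: an exempted address is never penalised, so a
# compromised monitoring host can retry authentication without delay.
# Validate the file with "sshd -t" before reloading the daemon.
```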