Since SSH is one of the most pervasive ways to manage servers remotely, it is also one of the most plagued by brute force attacks. What follows is a simple set of Suricata rules to stop the majority of SSH brute force attacks. It will drop connections based on the reported SSH client version.
There are other more effective measures that can be implemented to block these type of attacks (two factor authentication, IP white list, etc.). Admittedly these rules won’t stop the willing attacker, they will however stop the lazy one, that is looking for the low hanging fruit.
Now, onto sleeping more easily at night ;)