Like fail2ban. Nothing quite like the anxiety of almost locking yourself out of your own system because you mistyped a password one too many times. It's a delicate balance (although, for something like SSH, I wouldn't even bother, unless the traffic is measurable enough to cause issues. But then you're getting (D)DoS'd, and you probably have bigger problems).