Fail2ban is server software that watches your log files for multiple failed login attempts, then uses iptables to temporarily ban the source ip address.
I’m surprised it took me this long to find this.
With apt-get, it’s as simple as:
apt-get install fail2ban
The default configuration ( /etc/fail2ban/jail.conf ) is pretty good out of the box.