SSH server is by default configured to allow an authenticating client several tries for a period before the authentication is considered a failure. The default configuration allows the users three attempts within 120 seconds (2 minutes) to authenticate, whereby the client will then be given the Permission denied error and the session closed.
The SSH server will log the failed login, and the user will then be allowed to log in again after the period has passed. Temporarily blocking failed SSH login might slow down malicious login attempts but will not deter brute-force attacks by bots.
Related: How to block SSH login brute force
$ sudo vi /etc/ssh/sshd_config [sudo] password for user:
Remove # if exist at the start of the line to uncomment.
Can also use unit such as m for minute. Set the value to 0 to disable the feature.
Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.
$ sudo systemctl restart sshd
Comment anonymously. Login not required.