Get it here: sshguard.sf.net
./configure --with-firewall=iptables make su - make install
Tweak your syslog (or other logging) to allow it to pipe to a fifo for auth messages and hup your syslog.
Add a firewall rule to chain to iptables (if that is what you run, pf users are suggested to read the man page :-)
iptables -A INPUT -p tcp --dport 22 -j sshguardor if you want to block all attackers on all ports, change the second one to:
iptables -A INPUT -j sshguard
ip6tables apply for lucky ipv6 users!
(make sure you don't load a default allow rule for the ports you want to use sshguard for before the sshguard rules!)
Load it up with either:
auth.info;authpriv.info |/usr/local/sbin/sshguard or if you pipe: mkfifo /var/log/sshguard.fifo auth.info;authpriv.info |/var/log/sshguard.fifo #high up in syslog to split off auth logging. killall -HUP syslogd cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard &