Best practices for securing SSH server

Wojciech Puchar wojtek at wojtek.tensor.gdynia.pl
Tue Jun 23 07:50:04 UTC 2009


>> You can't do more than maybe 10 attempts/second this way, while cracking
>> 10 character password consisting of just small letters and digits needs
>
> 10 characters is a longer than usual password.  Most people have been
> conditioned into using a 7 or 8 character password, which is at least a

So that's the answer to how to secure an SSH server. Use 10-letter random 
passwords.

>> 36^10=3656158440062976 possible passwords, and over 11 million years to
>> check all possibilities, so say 100000 years if someone is really lucky
>> and will get it after checking 1% possible password.
>
> There is a very big flaw in your analysis here.  You're assuming that
> the passwords people might use are randomly and evenly distributed over

So you already confirmed what I say. It's a human problem - for example, 
not using random passwords.

Talking about security within that context is a joke.

