View Full Version : sshd.conf


spying
17th October 2005, 09:37 AM
Is there a way to temporarily ban/ignore an IP after a number of failed requests?
I have set the allowable tries to 2 before it disconnects the user, but I also want to block brute force attacks from escalating into a DoS attack. If the option is not available, I'm pretty surprised such an option is unavailable.

Zigzagcom
17th October 2005, 09:53 AM
There is a script called "DenyHosts"; Google it, or you might get it via yum as well. I've played with it, and it seems to do the job... although I am still trying to fully understand it...

rayyes
17th October 2005, 10:41 AM

Here are two I found on Google. Haven't tried them, so I can't say how well they work.
Authfail - http://www.bmk.bz/?p=60
BlockHosts - http://www.aczoom.com/cms/blockhosts/ <--- this one seems pretty good

spying
17th October 2005, 07:19 PM
Will check them out. Thanks

gavinw6662
18th October 2005, 08:02 AM
Have you looked into portsentry? Nice program for blocking port scans.

centos_x
30th October 2005, 12:24 PM
hosts.allow and hosts.deny in /etc

One problem with this: in hosts.allow you can state All and in deny put the IP in question, but if the culprit is dynamically assigned, this is not a good defense. It is just a matter of the person picking up a new IP from his ISP, and he can start over again.

The other option is setting deny to All and setting allow to specific IPs and/or ranges. The problem with this is that if you access from various locations that do not have static IPs, you will run into problems gaining access.
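
The idea discussed in this thread, as an added example that is not part of any post above and is not code from the tools named in it: count failed sshd logins per source IP inside a time window and emit hosts.deny entries that expire, which also softens the dynamic-IP problem raised in the last post. The log lines are constructed, and the threshold, window and ban duration are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration (not from the thread).
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)
BAN_FOR = timedelta(hours=1)

# Matches OpenSSH "Failed password" syslog lines, with or without "invalid user".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
Oct 17 09:30:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Oct 17 09:30:04 host sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Oct 17 09:30:09 host sshd[4105]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Oct 17 09:31:00 host sshd[4110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct 17 09:31:20 host sshd[4110]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Oct 17 09:50:00 host sshd[4200]: Failed password for root from 192.0.2.9 port 2200 ssh2
Oct 17 10:20:00 host sshd[4300]: Failed password for root from 192.0.2.9 port 2201 ssh2
Oct 17 10:50:00 host sshd[4400]: Failed password for root from 192.0.2.9 port 2202 ssh2
"""

def find_bans(log_text, year=2005):
    """Return {ip: ban_expiry} for IPs with MAX_FAILURES failures inside WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:   # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            bans[ip] = ts + BAN_FOR       # ban is temporary: it lapses at this time
    return bans

def hosts_deny_lines(bans, now):
    """Render only the bans still active at `now` in hosts.deny syntax."""
    return [f"sshd: {ip}" for ip, until in sorted(bans.items()) if now < until]
```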