Comment 1 for bug 1540073

Brute force is a most commonly used method to break into the system. As long as people use weak passwords, the bad guys will be always trying to brute force them. Not only for SSH, but we often see brute forces via SMTP, POP, IMAP, FTP, API services or to admin panels (Horizon in our case). Defending against such attacks is very difficult and don't have the common solution, so 'Fail2Ban' is only one of possible solutions and not an ideal because, for example, it can block the normal user login attempts and doesn't have any mechanisms to detect the bad guy.

This is actually not a Fuel bug, but security infrastructure problem. A system administrator should change the standard password during installation of the Fuel, they also can block suspicious remote SSH logins using any kind of firewalls (external or even internal 'iptables'), can configure a different port for the SSH service, or at least successfully disable SSH service at all, or even shutdown and don't use Fuel after successful installation of the OpenStack cluster.