Hi Bjorn, that is exactly what I had in mind. Thank you!
Introduce a configurable threshold for SSH's "illegal users"