I’m the wrong person to ask about logon or network security. It only took a few seconds to figure out how to use THC-hydra though, with a little help from the wizard tool.
As you can see, pointing the business end of hydra back at ssh on my machine seemed to work well. I can attest for it beyond that screenshot, in that I tried it again with my actual password, and it came back with a positive result.
I will admit I mostly pulled up short with hydra after that, out of a lack of viable targets and a lack of expertise. And probably I’d do well not to tempt fate by poking at someone else’s server.
hydra can handle a long list of network protocols, so it’s not just ssh that is under scrutiny.
I didn’t work with hydra long enough to see how to get it to actually crack a password, but the home page and documentation has more than enough information to set me down on that path.
thc-hydra is in AUR but is precompiled in ArchAssault, a repository aimed at security testing. I don’t see it in Debian though, although it might exist in a Debian-based derivative.