Once you have upgraded your copy openssl you can determine which processes need to be restarted by running the following command (only tested on Linux):

sudo lsof +c0 |grep DEL |grep libssl |awk '{ print $1 }' |sort |uniq

Note that just because a process is listed here doesn't mean it is vulnerable to the leak, it just means that it is linked to the vulnerable version of libssl.

I use netfilter/iptables with the 'recent' and 'tarpit' modules to block SSH brute force attempts:

$IPTABLES -N SSH_ATTACK
$IPTABLES -A INPUT -i $EXT_IF -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set --rsource -j SSH_ATTACK
$IPTABLES -A SSH_ATTACK -s $TRUSTED_HOST -j RETURN
$IPTABLES -A SSH_ATTACK -m recent ! --rcheck --seconds 60 --hitcount 3 --name SSH --rsource -j RETURN
$IPTABLES -A SSH_ATTACK -j LOG --log-level $LOGLEVEL --log-prefix "SSH Brute Force Attempt: "
$IPTABLES -A SSH_ATTACK -p tcp -j TARPIT

More info is available in this message on the Netfilter mailing list.

If possible, use the 'TARPIT' module because it significantly slows down the automated scanners that are being used to perpetrate these attacks.