Ralf Ronneburger wrote:
Oh, yes, I get those every day. However, look at them more closely. I haven't had a single case in several years where the same username was tried over and over. They'll knock on the ssh port trying a whole bunch of usernames, but only one or two passwords, and usually no password at all.
I can confirm this, their dictionaries are normally < 50 words, the most I've seen lately are about 200 entries from one IP.
DenyHosts is your friend in those situations, It will block the kiddie in 30 seconds and reduce the number of log entries.