Oh yeah, if you ever open up your ssh-server to the interwebs, don’t forget to install a banner. Fail2ban is an excellent tool to prevent this and many other type of attacks:
Jul 11 09:48:45 beeserver sshd[24408]: input_userauth_request: invalid user mitesh [preauth]
Jul 11 09:48:45 beeserver sshd[24408]: Received disconnect from 124.160.194.27: 11: Bye Bye [preauth]
Jul 11 09:48:53 beeserver sshd[24412]: Invalid user webftp from 124.160.194.27
Jul 11 09:48:53 beeserver sshd[24412]: input_userauth_request: invalid user webftp [preauth]
Jul 11 09:48:53 beeserver sshd[24412]: Received disconnect from 124.160.194.27: 11: Bye Bye [preauth]
Jul 11 09:49:01 beeserver sshd[24417]: Invalid user yangjun from 124.160.194.27
Jul 11 09:49:01 beeserver sshd[24417]: input_userauth_request: invalid user yangjun [preauth]
Jul 11 09:49:01 beeserver sshd[24417]: Received disconnect from 124.160.194.27: 11: Bye Bye [preauth]
Jul 11 09:49:09 beeserver sshd[24421]: Invalid user zl from 124.160.194.27
Jul 11 09:49:09 beeserver sshd[24421]: input_userauth_request: invalid user zl [preauth]
Jul 11 09:49:09 beeserver sshd[24421]: Received disconnect from 124.160.194.27: 11: Bye Bye [preauth]
Jul 11 09:49:17 beeserver sshd[24425]: Invalid user zl from 124.160.194.27
Jul 11 09:49:17 beeserver sshd[24425]: input_userauth_request: invalid user zl [preauth]
Jul 11 09:49:18 beeserver sshd[24425]: Received disconnect from 124.160.194.27: 11: Bye Bye [preauth]
Jul 11 09:49:25 beeserver sshd[24429]: Invalid user dr from 124.160.194.27
Jul 11 09:49:25 beeserver sshd[24429]: input_userauth_request: invalid user dr [preauth]
