ssh - Invalid users trying to log in to my server - Information Security Stack Exchange
It is very common. Many botnets try to spread that way, so this is a wide scale mindless attack. Mitigation measures include:
- Use passwords with high entropy which are very unlikely to be brute-forced.
- Disable SSH login for `root`.
- Use an "unlikely" user name, which botnets will not use.
- Disable password-based authentication altogether.
- Run the SSH server on another port than 22.
- Use fail2ban to reject attackers' IP addresses automatically or slow them down.
- Allow SSH connections only from a whitelist of IP addresses (beware not to lock yourself out if your home IP is nominally dynamic!).
Most of these measures are about keeping your log files small; even when the brute force does not succeed, the thousands of log entries are a problem since they can hide actual targeted attacks. A bit of security through obscurity (such as the unlikely user name and the port change) works marvels against mindless attackers: yeah, security through obscurity is bad and wrong and so on, but sometimes it works and you will not get fried by a vengeful deity if you use it sensibly.
A high entropy password will be effective against intelligent attackers, though, and can only be recommended in all situations.
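The following is an added example, not part of the original answer: a log triage that separates botnet noise from the entries worth reading, so that a failed password against a real account does not get buried. It assumes OpenSSH's usual syslog message format; the sample lines are constructed, and the account name `kx7-deploy` and the function name `triage` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog format (documentation IP ranges).
# "kx7-deploy" stands in for the "unlikely" user name; it is hypothetical.
SAMPLE_LOG = """\
Mar  3 04:11:02 host sshd[1201]: Invalid user admin from 203.0.113.5 port 51234
Mar  3 04:11:04 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 04:11:09 host sshd[1207]: Invalid user oracle from 203.0.113.5 port 51301
Mar  3 04:12:40 host sshd[1215]: Failed password for root from 198.51.100.23 port 40022 ssh2
Mar  3 04:13:02 host sshd[1222]: Invalid user x from 192.0.2.10 port 1 from 198.51.100.23 port 40100
Mar  3 09:30:15 host sshd[2290]: Failed password for kx7-deploy from 192.0.2.77 port 60412 ssh2
Mar  3 09:31:00 host sshd[2301]: Accepted publickey for kx7-deploy from 192.0.2.10 port 50022 ssh2: ED25519 SHA256:constructed
""".splitlines()

# The user name is chosen by the remote side, so match it greedily and anchor
# the address on the end of the line: only the final "from ... port" is sshd's.
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (.*) from (\S+) port \d+$")
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")

def triage(lines, expected_noise_users=("root",)):
    """Split failed SSH logins into background noise and entries worth reading."""
    noise = Counter()  # source IP -> guesses at accounts that do not exist (or root)
    notable = []       # (user, ip): wrong password for an account that does exist
    for line in lines:
        m = INVALID.search(line)
        if m:
            noise[m.group(2)] += 1
            continue
        m = FAILED.search(line)
        if not m:
            continue
        invalid, user, ip = m.groups()
        if invalid:
            continue  # same attempt already counted from its "Invalid user" line
        if user in expected_noise_users:
            noise[ip] += 1
        else:
            notable.append((user, ip))
    return noise, notable

if __name__ == "__main__":
    noise, notable = triage(SAMPLE_LOG)
    for ip, count in noise.most_common():
        print(f"noise    {ip:<15} {count} attempts")
    for user, ip in notable:
        print(f"NOTABLE  failed password for existing account {user!r} from {ip}")
```

With password authentication disabled, sshd still logs the `Invalid user` lines, so the noise count keeps working while the notable list should stay empty.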