If you discover lots of ssh connection tries in your
/var/log/auth.log (bots testing users/passwords), you have to do something.
The simpler is to use an IP restriction rule in your iptables firewall, or in
If you don't want or can't use this restriction, use Fail2ban:
aptitude install fail2ban
The default install blocks SSH connection tries.
You can tune the config a bit or activate Fail2ban for other services. Example:
vi /etc/fail2ban/jail.conf bantime = 86400 maxretry = 10 # pour ssh enabled = true # pour vsftpd maxretry = 10 # pour vsftpd
iptables -L command gives you all banned IP addresses.