I checked my /var/log/messages recently and it turns out my SSH server on my home machine is being hammered with login attempts. I suppose that's pretty common and it's probably just a bunch of bots. I carefully grepped through my logs and none of the login attempts were successful (so far as I can tell), which is good. One IP tried the following usernames one after the other:
staff sales recruit alias office samba tomcat webadmin spam virus cyrus oracle michael ftp test webmaster paul guest admin linux user david web apache pgsql info tony core newsletter named visitor ftpuser username administrator library test admin guest master admin admin admin admin test test webmaster username user admin test danny alex brett mike alan data www-data http httpd pop backup info shop sales web www wwwrun adam stephen richard george john angel pgsql ident webpop susan sunny steven ssh search sara robert richard party amanda rpm sgi users admins admins dean unknown securityagent tokend windowserver appowner xgridagent agent xgridcontroller jabber amavisd clamav appserver mailman cyrusimap qtss eppc telnetd identd gnats jeff irc list eleve proxy sys zzz frank dan james snort radiomail harrypotter divine popa3d aptproxy desktop workshop mailnull nfsnobody rpcuser rpc gopher
Are there really that many people in the world using "harrypotter" as their usernames? Other common login attempts seem to be for usernames "admin" and "oracle".
I've started taking SSH security more seriously since then. I limited the number of login attempts you can make before it blocks you. I made sure root login in SSH is disabled entirely. And I have SSH listening on a non-standard port. That last one is "security through obscurity", sure, but it seems to defeat bots. I've had 0 login attempts at all since I've moved to a different port. I've had a lot of garbage connection attempts, but those are apparently bots looking for a different service since they don't provide any identification at all. My next step is probably limiting login to using a key file I'll carry around with me on a flash drive, if I can figure out how to get that working.
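The log check described above (which usernames each IP tried, and whether any login succeeded) can be scripted instead of grepped by hand. This is an added example, not code from the original post; it assumes the usual OpenSSH "Failed ..." and "Accepted ..." syslog wording, and the sample lines, IP addresses and the function names `summarize` and `suspicious_successes` are constructed for illustration:

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (documentation IPs).
SAMPLE_LOG = """\
Mar  3 04:12:01 home sshd[2101]: Invalid user staff from 203.0.113.5
Mar  3 04:12:03 home sshd[2101]: Failed password for invalid user staff from 203.0.113.5 port 40112 ssh2
Mar  3 04:12:06 home sshd[2104]: Failed password for invalid user harrypotter from 203.0.113.5 port 40120 ssh2
Mar  3 04:12:09 home sshd[2107]: Failed password for root from 203.0.113.5 port 40131 ssh2
Mar  3 04:12:10 home sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40131 ssh2
Mar  3 04:15:40 home sshd[2150]: Failed password for invalid user oracle from 198.51.100.23 port 51514 ssh2
Mar  3 09:30:12 home sshd[2300]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 09:31:00 home kernel: eth0: link up
"""

# The username is text chosen by the remote side and may itself contain " from ",
# so the greedy group makes the match use the last " from <ip> port <n>" on the line.
FAILED = re.compile(r"sshd\[\d+\]: Failed (\S+) for (?:invalid user )?(.*) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (.*) from (\S+) port \d+")

def summarize(log_text):
    """Return (failed, accepted): usernames tried per IP in order, and successful logins."""
    failed = defaultdict(list)
    accepted = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failed[m.group(3)].append(m.group(2))
            continue
        m = ACCEPTED.search(line)
        if m:
            # (user, ip, method), e.g. method is "password" or "publickey"
            accepted.append((m.group(2), m.group(3), m.group(1)))
    return dict(failed), accepted

def suspicious_successes(failed, accepted, threshold=3):
    """Successful logins from an IP that also failed at least `threshold` times."""
    return [a for a in accepted if len(failed.get(a[1], [])) >= threshold]

if __name__ == "__main__":
    failed, accepted = summarize(SAMPLE_LOG)
    for ip, users in failed.items():
        print(ip, len(users), "failed:", " ".join(users))
    print("accepted:", accepted)
    print("worth a closer look:", suspicious_successes(failed, accepted))
```

An empty "worth a closer look" list means no address that was guessing passwords also logged in; any entry there is the case to investigate first.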