Looking at my auth.log on an internet accessible server. I notice that there has been 3071 unsuccesful login attempts since last the logs rotated.
cat /var/log/auth.log | grep invalid | grep ssh | wc 3071 49136 327541 # does any one know how to match two arguments using AND logic for grep? # let me know if you do.
Hmm I had better do something about it:
Good general guide on Securing SSH
How to get a Debian / Ubuntu box to keep the iptables configuration across reboots