It’s scary out there in Internet Land. I have just checked the logs on one of my servers and in the last 24 hours the server received 827 failed login attempts via SSH. The attacker ran through a list of random usernames sorted alphabetically and the password they attempted to log in with for each username was “password”. Very imaginative.
These sorts of attacks are normally just script kiddies. They just iterate through IP addresses until they find one with port 22 open. The ones I’ve seen normally go for ‘admin’, ‘root’ or ‘test’ user names. After my initial worry I realised they weren’t going to crack my box. But visiting a few Linux forums it’s amazing how many people have an account ‘test’ on their machine without a password and ssh installed.
I think having root ssh access disabled and a sufficiently long password for your other account is enough. If you’re paranoid you could disable password access and require keys, but then you can’t log in from any machine.
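The kind of log check described in the post, as an added example that is not part of the original post or its replies: it counts failed SSH password attempts per source address and flags a source that walks through usernames in alphabetical order. It assumes OpenSSH's usual "Failed password for ..." syslog lines; the sample log, the addresses and the `min_users` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 02:11:04 host sshd[4103]: Failed password for invalid user alice from 203.0.113.7 port 40120 ssh2
Mar  3 02:11:07 host sshd[4105]: Failed password for invalid user bob from 203.0.113.7 port 40131 ssh2
Mar  3 02:11:10 host sshd[4107]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 02:11:13 host sshd[4109]: Failed password for invalid user test from 203.0.113.7 port 40152 ssh2
Mar  3 09:30:44 host sshd[5210]: Failed password for deploy from 198.51.100.23 port 51515 ssh2
Mar  3 09:31:02 host sshd[5212]: Accepted password for deploy from 198.51.100.23 port 51520 ssh2
"""

# "invalid user" appears only when the account does not exist on the server.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Group failed password attempts by source address, keeping attempt order."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            by_ip[m.group("ip")].append(m.group("user"))
    return dict(by_ip)

def looks_like_sweep(users, min_users=4):
    """True when one source tried many distinct usernames in alphabetical order."""
    distinct = list(dict.fromkeys(users))  # de-duplicate, keep first-seen order
    return len(distinct) >= min_users and distinct == sorted(distinct)

def report(log_text):
    """Return {ip: (attempts, distinct_users, is_sweep)} for every failing source."""
    return {
        ip: (len(users), len(set(users)), looks_like_sweep(users))
        for ip, users in summarize(log_text).items()
    }

if __name__ == "__main__":
    for ip, (attempts, distinct, sweep) in report(SAMPLE_LOG).items():
        tag = "alphabetical username sweep" if sweep else "isolated failures"
        print(f"{ip}: {attempts} failed, {distinct} usernames, {tag}")
```

To run it against a real server, pass the contents of the sshd log (its path varies by distribution) to `report()` instead of `SAMPLE_LOG`.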