If you find many SSH connection attempts in your /var/log/auth.log
(bots testing users/passwords), you have to do something.
The simplest option is to use an IP restriction rule in your iptables firewall, or in /etc/hosts.deny.
If you don’t want to or can’t use this restriction, use Fail2ban:
aptitude install fail2ban
The default install blocks SSH connection attempts.
You can tune the config a bit or activate Fail2ban for other services. Example:
vi /etc/fail2ban/jail.conf

bantime = 86400
maxretry = 10 # for ssh
enabled = true # for vsftpd
maxretry = 10 # for vsftpd
Then the iptables -L command lists all banned IP addresses.
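
One way to check which addresses would reach the maxretry = 10 threshold from the jail.conf excerpt, as an added example (not from the original post): the script counts failed SSH password attempts per source address in auth.log-style lines. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list source addresses whose
# failed SSH password attempts in an auth.log-style file reach maxretry.

# ssh_offenders FILE [MAXRETRY] -> prints "IP COUNT", highest count first.
# MAXRETRY defaults to 10, the value in the jail.conf excerpt above.
ssh_offenders() {
    awk -v max="${2:-10}" '
        # sshd format: "Failed password for [invalid user] NAME from IP port N ssh2".
        # NAME is chosen by the client, so the address is read from fixed
        # positions at the end of the line, never by searching for "from".
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
        END { for (ip in count) if (count[ip] >= max + 0) print ip, count[ip] }
    ' "$1" | sort -k2,2nr
}

# make_sample_log FILE -> writes constructed log lines (documentation IP ranges).
make_sample_log() {
    : > "$1"
    i=1
    while [ "$i" -le 12 ]; do   # 12 failures from one address: over the threshold
        printf 'Mar  3 04:12:%02d host sshd[%d]: Failed password for invalid user admin from 203.0.113.5 port %d ssh2\n' \
            "$((10 + i))" "$((2000 + i))" "$((40000 + i))" >> "$1"
        i=$((i + 1))
    done
    cat >> "$1" <<'EOF'
Mar  3 04:15:01 host sshd[2101]: Failed password for root from 198.51.100.7 port 51001 ssh2
Mar  3 04:15:04 host sshd[2102]: Failed password for root from 198.51.100.7 port 51002 ssh2
Mar  3 04:15:09 host sshd[2103]: Failed password for root from 198.51.100.7 port 51003 ssh2
Mar  3 04:15:12 host sshd[2104]: Failed password for invalid user x from 192.0.2.99 port 22 ssh2 from 198.51.100.7 port 51004 ssh2
Mar  3 04:20:01 host sshd[3001]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
EOF
}

log=$(mktemp)
make_sample_log "$log"
ssh_offenders "$log"        # only addresses with 10 or more failures
ssh_offenders "$log" 4      # lower threshold for comparison
rm -f "$log"
```

Against a live system, call ssh_offenders /var/log/auth.log; lines that syslog has compacted as "message repeated N times" are not counted.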