Aspera recommends that you review your SSH log periodically for signs of a potential attack. Locate and open your syslog, for example, /var/log/auth.log or /var/log/secure. Depending on your system configuration, syslog's path and file name may vary.
Look for invalid users in the log, especially a series of login attempts with common user names from the same address, usually in alphabetical order. For example:
... Mar 10 18:48:02 sku sshd: Failed password for invalid user alex from 184.108.40.206 port 1585 ssh2 ... Mar 14 23:25:52 sku sshd: Failed password for invalid user alice from 220.127.116.11 port 1585 ssh2 ...
If you have identified attacks: