@chemist - only ONE attempt to attack SSHD?
I get them all the time, just ignore them - though I'm running on the standard port 22 I tried moving it for a time and found it didn't stop the attacks for long, I guess they found it via port scanning. Here's what I've had in just the past hour:
Dec 1 12:53:48 REDACTED sshd[610]: Connection closed by 75.167.206.109 [preauth]
Dec 1 13:03:48 REDACTED sshd[738]: Connection closed by 75.167.206.109 [preauth]
Dec 1 13:13:48 REDACTED sshd[872]: Connection closed by 75.167.206.109 [preauth]
Dec 1 13:16:13 REDACTED sshd[882]: Did not receive identification string from 117.4.112.87
Dec 1 13:16:14 REDACTED sshd[883]: Address 117.4.112.87 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Dec 1 13:16:14 REDACTED sshd[883]: Invalid user support from 117.4.112.87
Dec 1 13:16:14 REDACTED sshd[883]: input_userauth_request: invalid user support [preauth]
Dec 1 13:16:15 REDACTED sshd[883]: pam_unix(sshd:auth): check pass; user unknown
Dec 1 13:16:15 REDACTED sshd[883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.4.112.87
Dec 1 13:16:17 REDACTED sshd[883]: Failed password for invalid user support from 117.4.112.87 port 51949 ssh2
Dec 1 13:16:18 REDACTED sshd[883]: Received disconnect from 117.4.112.87: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Dec 1 13:23:48 REDACTED sshd[910]: Connection closed by 75.167.206.109 [preauth]
Dec 1 13:33:47 REDACTED sshd[1225]: Connection closed by 75.167.206.109 [preauth]
Dec 1 13:43:48 REDACTED sshd[1346]: Connection closed by 75.167.206.109 [preauth]
Dec 1 13:47:33 REDACTED sshd[1354]: Did not receive identification string from 212.83.161.12
Dec 1 13:47:34 REDACTED sshd[1355]: Invalid user support from 212.83.161.12
Dec 1 13:47:34 REDACTED sshd[1355]: input_userauth_request: invalid user support [preauth]
Dec 1 13:47:34 REDACTED sshd[1355]: pam_unix(sshd:auth): check pass; user unknown
Dec 1 13:47:34 REDACTED sshd[1355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212-83-161-12.rev.nameserverdot.com
Dec 1 13:47:36 REDACTED sshd[1355]: Failed password for invalid user support from 212.83.161.12 port 56924 ssh2
Dec 1 13:47:37 REDACTED sshd[1355]: Received disconnect from 212.83.161.12: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]