In case you’re still running sshd on port 22 (which you should change!) you’re probably getting hammered with brute force attempts. Take a peak at /var/log/secure or /var/log/wtmp or the “last” command and have a looksy.
There’s a great little application called “denyhosts” which will automatically add suspected brute forcers to your DENY list.
URL : http://denyhosts.sourceforge.net/
License : GPLv2
Description: DenyHosts is a Python script that analyzes the sshd server log
: messages to determine which hosts are attempting to hack into your
: system. It also determines what user accounts are being targeted.
: It keeps track of the frequency of attempts from each host and,
: upon discovering a repeated attack host, updates the
: /etc/hosts.deny file to prevent future break-in attempts from that
: host. Email reports can be sent to a system admin.