Log watch e-mail message
asvb278
07-31-2004, 03:53 PM
I keep getting e-mail messages from my log stating that unknown users are attempting to connect to my machine using ssh. This started happening immediately after I set up my vps to run DNS.
Should I be concerned? Is there a way to set this message to send me successful logons as well?
I am currently trying to obtain a static IP address to restrict access to my home PC. Is there anything else I can do? Can I restrict the number of guesses for a password then lock out the IP trying to access my vps?
arthur
08-01-2004, 05:39 PM
Hi,
I don't think that you need to be concerned about those, it is just people 'trying it on'. I get quite a few but they have never been able to get access [yet].
You might want to consider Portsentry and Hostsentry, I think you can get them via Apt. I use both of these and they are very useful I find. I am not sure about ssh logins, but I have Portsentry whereby it will automatically block an IP address in the IPTables firewall if there are 2 unsuccessful attempts. I don't know if Hostsentry will do the same, haven't checked, but you might like to try anyways.
Or you could try just adding the rogue IP addresses in to the firewall, with iptables it is; iptables -I INPUT -s 0.0.0.0 -j DROP (Replace 0.0.0.0 with the ip address you wish to block)
The only other way I can think of at the moment is maybe using the .htaccess method, but they would have to be trying to connect via a website for that.
Hope that helps you a little, the Rimu guys might know of a better way. The only 'real' way to keep people out though is to simply not run the service!
kind regards,
Arthur
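The lockout idea in this thread (count failed SSH logins per source IP, drop the address after a small number of failures, and also see the successful logons the original poster asked about) can be checked against the log before any tool is installed. The script below is an added example written for this page, not code from the thread or from Portsentry/Hostsentry; the log lines and the addresses in it (198.51.100.23, 203.0.113.5, 192.0.2.77) are constructed, and the allowlist stands in for the home static IP mentioned in the first post so the admin's own typos never lock the admin out.

```python
"""Summarise sshd authentication lines and emit iptables DROP rules for
repeat offenders. Added example for this thread; sample data is constructed."""
import re
from collections import Counter, defaultdict

# Constructed auth-log excerpt in the classic syslog/OpenSSH format (not real data).
SAMPLE_AUTH_LOG = """\
Aug 18 02:11:03 vps sshd[2311]: Failed password for root from 198.51.100.23 port 41022 ssh2
Aug 18 02:11:05 vps sshd[2311]: Failed password for root from 198.51.100.23 port 41022 ssh2
Aug 18 02:11:08 vps sshd[2313]: Failed password for invalid user test from 198.51.100.23 port 41030 ssh2
Aug 18 02:12:40 vps sshd[2320]: Accepted publickey for admin from 203.0.113.5 port 50022 ssh2
Aug 18 02:13:01 vps sshd[2325]: Failed password for admin from 203.0.113.5 port 50031 ssh2
Aug 18 02:13:04 vps sshd[2325]: Failed password for admin from 203.0.113.5 port 50031 ssh2
Aug 18 02:13:07 vps sshd[2325]: Accepted password for admin from 203.0.113.5 port 50031 ssh2
Aug 18 02:15:22 vps sshd[2330]: Failed password for invalid user guest from 192.0.2.77 port 3322 ssh2
"""

# "invalid user" appears when the account does not exist; the optional group
# keeps the username capture aligned either way.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port \d+")

# Home static IP (constructed placeholder) that must never be blocked.
ALLOWLIST = frozenset({"203.0.113.5"})


def parse_auth_log(text):
    """Return (failures per IP, usernames tried per IP, list of accepted logins)."""
    failures = Counter()
    usernames = defaultdict(set)
    accepted = []  # (user, ip, method)
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            usernames[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            accepted.append((user, ip, method))
    return failures, usernames, accepted


def offenders(failures, threshold=2, allowlist=ALLOWLIST):
    """IPs at or above the failure threshold, minus the allowlist (sorted)."""
    return sorted(ip for ip, n in failures.items()
                  if n >= threshold and ip not in allowlist)


def iptables_rules(ips):
    """The same rule shape the thread suggests, one per offending IP."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


def report(text, threshold=2, allowlist=ALLOWLIST):
    """Build a logwatch-style report: successes first, then offenders and rules."""
    failures, usernames, accepted = parse_auth_log(text)
    lines = ["Successful logins:"]
    lines += [f"  {user} from {ip} ({method})" for user, ip, method in accepted]
    lines.append(f"Sources with >= {threshold} failed passwords (allowlist excluded):")
    for ip in offenders(failures, threshold, allowlist):
        lines.append(f"  {ip}: {failures[ip]} failures, users tried: "
                     + ", ".join(sorted(usernames[ip])))
    lines.append("Suggested rules:")
    lines += ["  " + rule for rule in iptables_rules(offenders(failures, threshold, allowlist))]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_AUTH_LOG)))
```

Run it against a real file with `report(open("/var/log/auth.log").read())`; review the suggested rules before applying them, and keep the allowlist in place, since a threshold of 2 is low enough to catch a legitimate user mistyping a password twice, as the constructed admin login above does.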
retep
08-12-2004, 05:08 AM
Per our IM chat, the other thing you can do is do a whois lookup on their IP and report the abuse to the IP block owner (typically an ISP or data center).
To do the lookup you can use http://whois.sc/theip or (from your VPS) jwhois theip. Then typically there will be a contact detail for their abuse department (typically abuse@theisp.com). Then write (a polite) email to them and include the offending log excerpt.
UnrulyGrrl99
08-18-2004, 07:02 PM
Another option is PortSentry, available here:
http://sourceforge.net/projects/sentrytools/
One of its features is auto-creation of iptables rules when it sees someone port scanning you.
So far I've only used it to avoid port scans, but the SF page says it can "detect suspicious login activity", so it may work for this problem also.
I've also had a large influx lately of hackers trying to login via SSH. I've been looking up the DNS info on their IPs and reporting them to their ISPs.
GermanyJim
08-24-2004, 09:10 AM
Control access to your SSH via firewall or TCP wrappers.
This attack is basically a worm / automated scanning tool that has spread from unpatched, outdated linux boxes. Read more at:
http://seclists.org/lists/incidents/2004/Jul/0081.html
http://seclists.org/lists/incidents/2004/Jul/0109.html
Also, set up a good password policy. This thing has spread mostly on machines with a null root password, apparently.
Good luck!
Jim
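Restricting SSH to the static home IP via the firewall or TCP wrappers, as suggested in this post and asked about in the first one, comes down to a handful of lines whose ordering matters. The script below is an added example for this thread, not the poster's own configuration: it only prints the rules and wrapper entries for review rather than applying them, validates the address first so an empty or malformed argument cannot produce a rule that locks everyone out, and uses 203.0.113.5 as a constructed placeholder for the admin's static IP.

```shell
#!/bin/sh
# Added example: emit (do not apply) SSH access restrictions for one
# management address. Review the output, then run it as root.

# Accept only a plain dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# iptables: keep existing sessions, allow port 22 from the static IP,
# then drop every other SSH attempt. The ACCEPT lines must come before
# the DROP line, which is why -A (append) is used in this order.
ssh_iptables_rules() {
    is_ipv4 "$1" || { echo "refusing to emit rules for invalid IP: '$1'" >&2; return 1; }
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 22 -s $1 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# TCP wrappers: hosts.allow is consulted before hosts.deny, so listing the
# static IP there and denying ALL gives the same effect for an sshd that
# was built with libwrap support.
ssh_tcpwrappers_config() {
    is_ipv4 "$1" || { echo "refusing to emit wrapper entries for invalid IP: '$1'" >&2; return 1; }
    echo "# /etc/hosts.allow"
    echo "sshd: $1"
    echo "# /etc/hosts.deny"
    echo "sshd: ALL"
}

# Placeholder address (constructed); pass your real static IP as $1.
ALLOWED_IP="${1:-203.0.113.5}"
ssh_iptables_rules "$ALLOWED_IP"
ssh_tcpwrappers_config "$ALLOWED_IP"
```

Apply the iptables rules from a console session or only after confirming the static IP is correct, since the final DROP line is what stops the password guessing and also what would shut you out if the allowed address were wrong.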