It may help a little, but these aren't brute-force attacks you're seeing - they're just quick attempts to connect with either a blank password or a common bad password like the word 'password' as a password. SSH uses challenge-response authentication, which means it can (and does) enforce a delay after a wrong password and forces a disconnect after (by default) 3 wrong passwords. This makes brute-force dictionary or common password list attacks take too long to be practical.
A better solution might be to simply run the ssh daemon on a port other than 22; all ssh clients I know of can specify the port to connect to. I moved mine to another port and since then I've got no false connection attempts - it simply takes too long to scan even all the service ports of a computer for one that's open, so the script kiddies and crackers that do this only scan port 22.
Quote:
then again it could be fairly easy to maliciously find out the users on a system
Not through ssh it's not. ssh has been specifically designed to not give any information about which usernames are valid on a system. Most other daemons have similar safeguards against giving out information like that about the system.
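
To see whether the failures in your own auth log are the few-guesses-per-source probes discussed in this thread, and to compare the volume before and after moving sshd off port 22, a per-source summary of failed logins is enough. This is an added example, not part of the original post; the sample log lines are constructed and the threshold of 3 is an assumed value.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH's sshd writes to the auth log.
SAMPLE_LOG = """\
Mar  3 04:11:02 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 04:11:05 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 04:11:09 host sshd[2104]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Mar  3 06:30:41 host sshd[2230]: Failed password for invalid user test from 198.51.100.7 port 51514 ssh2
Mar  3 09:02:13 host sshd[2300]: Accepted password for alice from 192.0.2.10 port 60022 ssh2
Mar  3 09:15:00 host sshd[2311]: Failed password for alice from 192.0.2.10 port 60030 ssh2
"""

# "invalid user" marks a login name that does not exist on the host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+"
)

def summarize(log_text):
    """Return {source_ip: {"attempts": n, "users": set, "invalid": n}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        invalid, user, ip = m.groups()
        entry = stats[ip]
        entry["attempts"] += 1
        entry["users"].add(user)
        if invalid:
            entry["invalid"] += 1
    return dict(stats)

def noisy_sources(stats, threshold=3):
    """Sources with at least `threshold` failures (assumed cut-off)."""
    return sorted(ip for ip, s in stats.items() if s["attempts"] >= threshold)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, s in sorted(result.items()):
        print(ip, s["attempts"], "failures,", s["invalid"], "for unknown users,",
              "names tried:", ", ".join(sorted(s["users"])))
    print("at or above threshold:", noisy_sources(result))
```

Running it over the log from a week on port 22 and a week on the new port gives a direct before/after count per source address.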