What do you guys think of using complex usernames for security? Everyone says use complex passwords but I havent hear anyone mantion user names. Reason Im asking is that i see once in a while a SSH attack on my server. The list usually includes generic names but never anything more creative.

If you are getting attacks on common names, then yes try out some complex ones and see if that makes a difference. I had heard of one person trying to change root to something else (in the hopes of stopping simple canned attacks). Maybe it will make a difference with the complex names, then again it could be fairly easy to maliciously find out the users on a system.

It may help a little but these aren't brute force attacks you're seeing - they're just quick attempts to connect with either a blank password or a common bad-password like the word 'password' as a password. SSH uses challenge-response authentication which means it can (and does) enforce a delay after a wrong password and forces a disconnect after (by default) 3 wrong passwords. This makes brute-force dictionary or common password list attacks take too long to be practical.

A better solution might be to simply run the ssh daemon on a port other than 22, all ssh clients I know of can specify the port to connect to. I moved mine to another port and since then I've got no false connection attempts - it simply takes too long to scan even all the service ports of a computer for one that's open, so the script kiddies and crackers that do this only scan port 22.

Not through ssh its not. ssh has been specifically designed to not give any information about which usernames are valid on a system. Most other daemons have similar safeguards against giving out information like that about the system.

in /etc/ssh/sshd_config. I cannot think of any reason to allow root login over ssh. And that will stop brute forcing of root in its tracks.