I have very little experience in security matters, so I would appreciate any input.

Noticed these two notifications in /var/log/messages today:I don't recognize the ip. Is this harmless or should I be concerned?

that's normal when you have a box connected to the internet (be it directly or through any other means).

some machines out there run port scanners and then (or w/o running scanners before maybe as well *shrug*) run a bot program
to try a combination of usernames & passwords, or only passwords with un=root.

Depending how your machine is set up, it's a risk or not.
external root login is usually disabled, but I think sshd though allows it by default, so have to change that in config.

I usually just add their IPs to the iptables list

Something like this will get rid of repeated attempts:

Something like this will reject further attempts from that location:

Of course you need to save those somewhere that will be executed on startup if you want them to persist between reboots.

As the other person who replied mentioned, this is a common occurrence for any machine on the internet, if you move the ssh port to something in the normal dataport range you might have better luck not getting port scanned and turning off root logins for ssh is always advisable unless you have a specific need for it.

Not harmless. To implement the "disable root login" suggestions, add the following directive to sshd_config and then reload sshd.
Going forward, ssh to your server as a regular user and then su to root.

to get rid of those attempts, i always disable root login in sshd config and install denyhosts (1).
Denyhosts reads the logs then it blocks the ip addresses that try to login with incorrect user or pass via ssh. it uses /etc/hosts.deny


(1) http://denyhosts.sourceforge.net/

regards