Make sure to edit /etc/ssh/sshd_config and make the line "PermitRootLogin no" AS SOON AS POSSIBLE, then restart sshd. Then start looking in the the system ssh and/or auth log to see how many people are already trying to brute-force login :-) Running an active response blacklist over ssh can be quite fun, see DenyHosts or other similar projects. -jim