Securing ssh access to your server is important. Every second your system can be a target for dictionary attacks by someone who want to get into your system via ssh. Therefor you should always take precautions like some basic security options i.e. disabling ssh root access and limit ssh access to certain users.

If you take a look at /var/log/secure you might see a lot of Failed password for.... entries on your system:

On a Linux machine users normaly can change the password of their own account. A lot of users use weak passwords and their password might be cracked with a dictionary-, or brute-force attack. The PAM module pam_cracklib.so will perform a number of checks on the new password. For example, the new password may not match the old password, the new password may not be the old password reversed neither the same password but in different case. Weak passwords are not allowed. (These check are also done by the module pam_unix if set to obscure.)

Usually a system will drop the connection after 3 unsuccessful login attempts and may reconnect to try it again. If you setup account lockout you can prevent this, after a number of unsuccessful login attempts the account will be locked out automaticaly.

Edit the file /etc/pam.d/system-auth and add the lines:

pam_unix makes it possible to maintain a users password history and prevent the user will re-use the password. The parameter remember is used to set the number of passwords to keep in the history for each user. An example how to set this up: