Wireless Access

I have a S1500 switch that I am using for layer 3 roouting to my internet.

My syslog server is choked with the info message:

PRI-O sshd disconnecting: too many authentication failures for root

Is that attempts from the internet-side to ssh in? If so, how do I turn that option off? I have no desire to SSH into this switch from outside my WAN.

The port that faces the internet is int 18.

What command would I use to disallow SSH on this port? I just confirmed that I can enter an SSH session across the internet. I don't need to and I don't want to expose my switch to more risk than is necessary.

It is currently connected:

Metro Ethernet Ciena ---> aruba sw port 18 ---> aruba sw port 20 ---> Fortigate firewall

Funny, the only reason I am seeing these errors is I am sending to a syslog server.

If, on the switch's CLI, I perform a show log all | include "authentication" I get no results.

Further, the syslog is saying the hostname of the message is 10.110.138.13; I have no device at this address and the switch is 10.110.138.138.

Yet I see:

 4/28/2015 14:47 10.110.138.13 Info Apr 28 13:48:09 Aruba-S1500-Admin-WIFI.138:PRI-0 sshd[15974]: Disconnecting: Too many authentication failures for root

coming (in waves of 40 or 50 at a time) from that .13 address.

just after the latest wave of messages:

 4/28/2015 14:47 10.110.138.13 Info Apr 28 13:48:31 Aruba-S1500-Admin-WIFI.138:PRI-0 sshd[16102]: Received disconnect from 43.255.190.132: 11:

and that IP address is definitely not in my network.