Funny, the only reason I am seeing these errors is I am sending to a syslog server.
If, on the switch's CLI, I perform a show log all | include "authentication" I get no results.
Further, the syslog is saying the hostname of the message is 10.110.138.13; I have no device at this address and the switch is 10.110.138.138.
Yet I see:
4/28/2015 14:47 10.110.138.13 Info Apr 28 13:48:09 Aruba-S1500-Admin-WIFI.138:PRI-0 sshd[15974]: Disconnecting: Too many authentication failures for root
coming (in waves of 40 or 50 at a time) from that .13 address.
just after the latest wave of messages:
4/28/2015 14:47 10.110.138.13 Info Apr 28 13:48:31 Aruba-S1500-Admin-WIFI.138:PRI-0 sshd[16102]: Received disconnect from 43.255.190.132: 11:
and that IP address is definitely not in my network.