"Turning off ssh is of course first option, strong paswwords is a must also, but it could be a good security measure try to block an IP address for a while after a few failed login attempts,to prevent this, Seems to be a robot trying a list of names against my server.
Any ideas?"
If you do not want to implement the use of ssh key pairs, you could move the ssh port to a high port, say 2233 or whetever. I have found that this will quieten your logs very effectively. Doing a scan on the box will show the high port as "open", however, it is not identified as SSH - robots to dates are flying blind on this one.... Good password are a must.