Is anyone else seeing alerts about failed ssh logins for username anyone?

Not really an answer to your question, but why not a) disable SSH or b) make it accessible only very restrictively and not Internal (network) ?

I've run into postgres database corruption before, where you can't log into the gui.  ssh access is the only recourse at that point, so I like to keep it enabled for that reason.

I've never had an issue with it being enabled before. Just out of the blue, I've got 3 or 4 devices that have thrown out this alert. I'm quite confident in saying that this isn't a case of a user on the network trying to access. 

You can also just use option b to just allow SSH to a very small subset of IP's (or (VPN) users).

You can also just use option b to just allow SSH to a very small subset of IP's (or (VPN) users).

While this apijnappels input is extremely valid and should be taken into consideration very seriously, as it would reduce the footprint for an attack, I would check those devices from where the connection is originating for malware, just in case. There isn't a single reason I can think of for causing a server to try to establish an unsolicited SSH connection to another device other than malware. If you are seeing a lot of those it could be a brute force attack, and is extra worrying that is coming from inside your network.

Regards,

Giovani