Matthew Dillon issued this warning to folks with accounts on leaf: Due to an increase in automated ssh scans, he’s implemented a security policy that may lock you out if you goof up your login. Mail him if that does happen.
I’ve seen these same ssh scans with some frequency for at least a few months; these scans appear to be looking for poorly configured machines. Not a huge threat, but enough to warrant a closer eye.