The Secure Shell Protocol (SSH) is a well-known standard protocol for remote login and used as well for other secure network services over an insecure network. It is mainly used for remotely accessing shell accounts on Unix-liked operating systems to perform administrative tasks. For this reason, the SSH service has been for years an attractive target for attackers, aiming to guess root passwords performing dictionary attacks, or to directly exploit the service itself. To test the classification performance of different classifiers and combinations of them, this study gathers and analyze SSH data coming from a honeynet and then it is analysed by means of a wide range of classifiers. The high-rate classification results lead to positive conclusions about the identification of malicious SSH connections.