This analysis of honeypot data over at the SANS Internet Storm Center yielded some interesting results. It’s probably no surprise that the top two guesses were “123456” and “password,” or that variations on those are also in the top ten list. Check out the list here:
https://isc.sans.edu/diary/So+what+passwords+are+those+ssh+scanners+trying%3F/15785