As far as I could tell there is no ssh rule in the default ubuntu snort install. Maybe this is because monitoring ssh can be cpu intensive. I have however added a snort rule to monitor my ssh traffic, and cpu usage is allright.
The rule is not very informative yet, maybe there are ones out there that better suit your needs. But it tells me if someone is fiddling around with my ssh port.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22002 (msg:"SSH incoming"; flow:stateless; flags:S+; sid:100006927; rev:1;)