Heya
I have the same issue and I think most people do when opening port 22 or similar:
Possible Hack Attempt on Apr 30
On Apr 30 there were 3231 invalid login attempts.
Apr 30 18:19:23 Fractal sshd[2723]: Failed password for root from 222.186.43.6 port 25836 ssh2
All mine are from the same IP. Is there a way to block attacker IP's?
Or all from a known list, like theses - https://report.cs.rutgers.edu/DROP/attackers
Making sure I have a strong password and changing it now and then is a good policy of course.
Thanks