April 10, 2019

Geolocation of SSH Attacks

If you've ever looked at firewall logs on a public-facing machine, you know that anything on the internet is constantly being probed and attacked; seeing hard evidence of this is enough to make one quite paranoid.

When it comes to an SSH server, one of the things you can do to secure it is to disable password authentication and use public key authentication instead to prevent brute force attacks. The next best option is a strong/complex password plus fail2ban, which is what I used for a week just to get some data on how often and what kind of scans/attacks were happening. You can use multi-factor authentication with either of these, but that's a story for another time.
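As an added example (not the post author's code), here is a small POSIX shell check for the two sshd_config settings the paragraph recommends: password logins off, public key logins on. The "weak" and "hardened" config snippets are constructed for illustration; the function names `config_value` and `is_key_only` are mine. It mirrors sshd's own rule that the first occurrence of a keyword wins and that keywords are case-insensitive, but it does not evaluate `Match` blocks.

```shell
#!/bin/sh
# Constructed "before" config: password logins still allowed (weak setting)
WEAK_CONFIG='Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication yes'

# Constructed "after" config: key-only logins, no password or keyboard-interactive prompts
HARDENED_CONFIG='Port 22
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password'

# config_value KEY: print the effective value of KEY from sshd_config text on stdin.
# sshd honours the first occurrence of a keyword, ignores comment lines,
# and matches keywords case-insensitively, so this does the same.
config_value() {
  awk -v key="$1" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(key) { print $2; exit }
  '
}

# is_key_only: exit 0 when sshd_config text on stdin disables password logins,
# keeps public key auth enabled and turns off challenge-response (PAM password prompts).
# Unset keywords fall back to sshd defaults (all three default to "yes").
is_key_only() {
  cfg=$(cat)
  pw=$(printf '%s\n' "$cfg" | config_value PasswordAuthentication)
  pk=$(printf '%s\n' "$cfg" | config_value PubkeyAuthentication)
  cr=$(printf '%s\n' "$cfg" | config_value ChallengeResponseAuthentication)
  [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" = "yes" ] && [ "${cr:-yes}" = "no" ]
}

# Stand-alone demo on the constructed snippets
for name in WEAK_CONFIG HARDENED_CONFIG; do
  eval "cfg_text=\$$name"
  if printf '%s\n' "$cfg_text" | is_key_only; then
    echo "$name: key-only logins enforced"
  else
    echo "$name: password logins still possible"
  fi
done
```

On a live host, `sshd -T` prints the fully resolved configuration (including `Match` blocks), and piping that into `is_key_only` is more reliable than reading the file directly.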

Things started off pretty slowly with 29 IPs being banned over the first 3-4 days, but by the end it had spiked to a whopping 552 IPs banned. Skimming over the username attempts showed that some went straight for 'root' with a dictionary attack, others were trying to log in with service accounts (e.g. zabbix, nginx, postgres), but the majority were random names. I'm assuming they were being sprayed en masse from one of the many password lists floating around from various breaches, as I saw the same 5 usernames tried in the same order from different IPs at different times.

I did come across the username 'bkksextoy' which raises many questions including 'wtf was the password on that account?' that are probably best answered with '!@%$^@ internet...'

Out of curiosity, I ran all the banned IPs through geoiplookup to see where they were coming from, tallied them up, and the results are below. I'm sure a lot of these attacks are coming from compromised machines or Tor exit nodes, so the country only says where the last hop sits, but it's amusing nonetheless.
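The pipeline behind a tally like the one below, as an added example rather than the post author's own commands: pull the unique banned IPs out of fail2ban's log (only "Ban" events, not "Unban"), run each through `geoiplookup`, and count identical country lines. The log lines are constructed (documentation-range addresses), and the function names `banned_ips` and `tally` are mine; `geoiplookup` itself is only invoked in the usage note, not in the block, so the block runs offline.

```shell
#!/bin/sh
# Constructed sample of fail2ban.log lines; the same IP is banned, unbanned and banned again
SAMPLE_LOG='2019-04-03 10:15:22,101 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.5
2019-04-03 10:20:01,334 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 198.51.100.7
2019-04-03 11:02:45,002 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 203.0.113.5
2019-04-04 02:11:09,555 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.5
2019-04-04 03:44:19,888 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 192.0.2.44'

# banned_ips: read fail2ban log text on stdin, print each IP banned by the sshd jail once.
# Matching on "[sshd] Ban " keeps Ban events and drops Unban lines; sort -u dedupes repeat bans,
# so the count is per offending IP, not per ban event.
banned_ips() {
  awk '/\[sshd\] Ban /{ print $NF }' | sort -u
}

# tally: count identical lines on stdin and list them most-frequent first,
# in the "<count> GeoIP Country Edition: CC, Name" shape shown in the post.
tally() {
  sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Stand-alone demo: unique banned IPs from the constructed log, then a tally of
# constructed geoiplookup-style lines (no network or GeoIP database needed)
printf '%s\n' "$SAMPLE_LOG" | banned_ips
printf 'GeoIP Country Edition: CN, China\nGeoIP Country Edition: US, United States\nGeoIP Country Edition: CN, China\n' | tally
```

Against a real host the same functions chain up as `banned_ips < /var/log/fail2ban.log | xargs -n 1 geoiplookup | tally`. Two caveats: `geoiplookup` prints an "IP Address not found" line for addresses missing from its database, which will show up as its own row in the tally, and the country reflects the banned address itself, which (as noted above) is often a compromised host or Tor exit rather than the attacker's location.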

162 GeoIP Country Edition: CN, China
81 GeoIP Country Edition: US, United States
45 GeoIP Country Edition: FR, France
26 GeoIP Country Edition: CA, Canada
22 GeoIP Country Edition: KR, Korea, Republic of
20 GeoIP Country Edition: IN, India
16 GeoIP Country Edition: DE, Germany
15 GeoIP Country Edition: BR, Brazil
13 GeoIP Country Edition: ID, Indonesia
11 GeoIP Country Edition: IT, Italy
10 GeoIP Country Edition: RU, Russian Federation
9 GeoIP Country Edition: GR, Greece
9 GeoIP Country Edition: SG, Singapore
9 GeoIP Country Edition: VN, Vietnam
8 GeoIP Country Edition: GB, United Kingdom
8 GeoIP Country Edition: HK, Hong Kong
7 GeoIP Country Edition: TH, Thailand
6 GeoIP Country Edition: NL, Netherlands
6 GeoIP Country Edition: ZA, South Africa
5 GeoIP Country Edition: AR, Argentina
5 GeoIP Country Edition: CL, Chile
4 GeoIP Country Edition: PL, Poland
4 GeoIP Country Edition: TW, Taiwan
3 GeoIP Country Edition: JP, Japan
3 GeoIP Country Edition: MX, Mexico
3 GeoIP Country Edition: MY, Malaysia
3 GeoIP Country Edition: UA, Ukraine
2 GeoIP Country Edition: BD, Bangladesh
2 GeoIP Country Edition: CO, Colombia
2 GeoIP Country Edition: EC, Ecuador
2 GeoIP Country Edition: ES, Spain
2 GeoIP Country Edition: KZ, Kazakhstan
2 GeoIP Country Edition: PY, Paraguay
1 GeoIP Country Edition: BE, Belgium
1 GeoIP Country Edition: BJ, Benin
1 GeoIP Country Edition: BY, Belarus
1 GeoIP Country Edition: DZ, Algeria
1 GeoIP Country Edition: HR, Croatia
1 GeoIP Country Edition: HU, Hungary
1 GeoIP Country Edition: IE, Ireland
1 GeoIP Country Edition: IL, Israel
1 GeoIP Country Edition: IQ, Iraq
1 GeoIP Country Edition: IR, Iran, Islamic Republic of
1 GeoIP Country Edition: LU, Luxembourg
1 GeoIP Country Edition: MA, Morocco
1 GeoIP Country Edition: NE, Niger
1 GeoIP Country Edition: NO, Norway
1 GeoIP Country Edition: NP, Nepal
1 GeoIP Country Edition: PA, Panama
1 GeoIP Country Edition: PE, Peru
1 GeoIP Country Edition: PH, Philippines
1 GeoIP Country Edition: PR, Puerto Rico
1 GeoIP Country Edition: RS, Serbia
1 GeoIP Country Edition: SE, Sweden
1 GeoIP Country Edition: SK, Slovakia
1 GeoIP Country Edition: TN, Tunisia
1 GeoIP Country Edition: UG, Uganda
1 GeoIP Country Edition: UZ, Uzbekistan
1 GeoIP Country Edition: ZM, Zambia