This is a friendly reminder to put a firewall in between your server and the wider internet, and no, I'm not talking about fail2ban. Which is good for lots of things, but I wouldn't rely on it alone.
Don't open SSH ports up to the entire world. Put a firewall in between your server and those who would do you harm. Lots of providers have network-based access controls, cloud firewalls, etc: use them.
Friends don't let friends run sshd out in the open. :P
@vkc 💯 We have firewalls setup with our provider and applied to servers based on their roles.
SSH to any @crossed infrastructure is only possible via our Tailnet - no SSH exposed to the public internet and only the absolute minimum ports are open on the above firewalls.