[a12b]

2 simple lines in /etc/ssh/sshd_config fix the problem:

  PermitRootLogin no
  PasswordAuthentication no

[utefan001]

I know I am preaching to the choir, but ANY login for any port or protocol should have rate limiting and non-default passwords.

Burp suite can easily crack web logins if you allow hundreds of logins per second for a single user.