[abdusco]

You should consider changing default SSH port. It helps a lot with the spam.

[coolspot]

Also adding port knocking.

https://netslovers.com/2018/02/28/port-knocking-server-secur...

[blibble]

and/or add an iptables rule that limits the rate, set high enough such that you'll never hit it

1 line in your iptables config