by akira2501 1724 days ago
I've been happy with having my firewall count SSH connection attempts, and if you make too many attempts in too short a period of time, it just blacklists that IP for 24 hours.
3 comments

My first 'defense' was just moving off of port 22. I had planned other things, but to be honest, the attempts went from hundreds a day to zero, so I never bothered doing more.
The first package I install on public-facing servers is fail2ban.

After starting it, everything becomes much calmer. Nice thing is, fail2ban can protect much more than SSH.

I do the same, but only 10 minutes after 5 failed logins. That's enough for bots while not really getting in your way if it accidentally blocks the hotel you're in.

Combined with only allowing key-based login; password login is disabled.

I've recently added 2FA as well. Super easy to do.
I wrote a blog on how to do it a couple years back if anyone is interested in a "tutorial": https://2byt.es/post/totp/

It's for the Pi, as that's the target audience, but it should apply generally to OpenSSH.

There's also a sister post about improving your "first factor" for those still using passwords: https://2byt.es/post/totp2/
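The thread above describes two knobs that work together: an sshd that accepts keys only, and a ban policy (5 failures in 10 minutes gets a 10-minute ban, or a 24-hour blacklist for the firewall variant). Below is an added example, not code from the thread or from the linked blog posts: a POSIX shell script that emits both config fragments and checks an sshd_config file offline for the two settings that actually turn password prompts off. The drop-in path, the `demo` helper and the jail values other than the ones quoted in the thread are assumptions.

```shell
#!/bin/sh
# Added example (not from the HN thread or the linked posts).
# Assumptions: OpenSSH 8.x+ (drop-ins under /etc/ssh/sshd_config.d are
# read via Include) and fail2ban 0.10+ (accepts "10m"-style durations).

# sshd drop-in: key-only login, no password or keyboard-interactive prompt.
# Both Password* and KbdInteractive* default to yes, so each must be set.
sshd_hardening_snippet() {
    cat <<'EOF'
# /etc/ssh/sshd_config.d/10-hardening.conf  (path is an assumption)
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
MaxAuthTries 3
EOF
}

# fail2ban jail: 5 failures within 10 minutes => 10-minute ban, as in the
# thread. Setting bantime = 24h instead reproduces the 24-hour firewall
# blacklist the original poster describes.
fail2ban_jail_snippet() {
    cat <<'EOF'
# /etc/fail2ban/jail.local
[sshd]
enabled  = true
port     = ssh
backend  = systemd
maxretry = 5
findtime = 10m
bantime  = 10m
EOF
}

# Return 0 when FILE sets both PasswordAuthentication and
# KbdInteractiveAuthentication to "no". sshd uses the FIRST value it sees
# for a keyword, so head -n 1 mirrors that; comment lines are skipped and
# the keyword match is case-insensitive. Only the whitespace-separated
# "Keyword value" form is parsed; "sshd -T" is the authoritative check on
# a live host.
check_sshd_config() {
    file=$1
    pw=$(grep -iE '^[[:space:]]*PasswordAuthentication[[:space:]]' "$file" \
         | head -n 1 | awk '{print tolower($2)}')
    kbd=$(grep -iE '^[[:space:]]*KbdInteractiveAuthentication[[:space:]]' "$file" \
          | head -n 1 | awk '{print tolower($2)}')
    [ "$pw" = "no" ] && [ "$kbd" = "no" ]
}

# Demo (assumed helper): write both fragments to a scratch directory and
# validate the sshd one. Run as:  sh hardening.sh demo
demo() {
    dir=$(mktemp -d)
    sshd_hardening_snippet > "$dir/10-hardening.conf"
    fail2ban_jail_snippet > "$dir/jail.local"
    if check_sshd_config "$dir/10-hardening.conf"; then
        echo "sshd drop-in passes the key-only check: $dir"
    else
        echo "sshd drop-in still allows password prompts: $dir" >&2
        return 1
    fi
}

case "${1:-}" in
    demo) demo ;;
esac
```

Two caveats that the checker makes visible: because sshd keeps the first value for each keyword, a drop-in named `10-hardening.conf` is only effective if nothing earlier in the Include order (or the main file above the Include line) already sets `PasswordAuthentication yes`, which is why the `head -n 1` semantics matter. And if you later add TOTP through PAM as the linked post does, `KbdInteractiveAuthentication` has to go back to `yes`, with `AuthenticationMethods publickey,keyboard-interactive` keeping the key requirement in front of the one-time code. For the hotel scenario in the thread, fail2ban's `ignoreip` list is the place to exempt addresses you never want banned.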