[rnestler]

My experience is that even non-standard ssh ports gets hundreds of login attempts on ssh per day.

[formerly_proven]

I suppose that depends on what you think of as an "login attempt". Is opening a connection a login attempt? I would say it isn't. Is sending some random protocol header a login attempt? Doubtful. Is failing to negotiate a login attempt? Again, I'd say no (most likely a port scanner looking for old/vulnerable servers). Is SSH-1.5-Nmap a login attempt? I don't think so. As we have disabled password authentication, a client can't actually try to do a user/pass login, so what can't happen, isn't.

These things show up, but are completely irrelevant to security.

[usr1106]

Yes, it has increased quite a bit in recent years. I think still 5 years ago there was basically no traffic.