I used to get constant ssh probes. I think it's a dictionary attack.
bad guys run nmap or something similar and and find that you have
a ssh port open. When I used iptables to block access to the port
to all but specific ip addresses it stopped. If I need to remotely
access the machine from a specific location, I only allow that
locations IP in on that port. Seeing all those failed attempts
to ssh in is unnerving to say he least. It appears that if the
port is closed to everyone but who I choose, probes by bad guys
are unproductive and they stop. YMMV but it worked for me. Down
side is having to change iptables to allow things in that you want in.

Hi,

IMHO, disabling password authentication is the best protection from attempts to brute force a password.

Evo2.

Best if you can avoid them getting to a prompt in the first place.

Consider fail2ban and automatically block an IP for a period of time if there are too many login attempts.