A very simple and effective defense mechanism to reduce the number of attacks (but won't stop a persistent attacker) is to use non-default ports.
Changing the SSH listen port from 22 to something in the 30XXX range can drop automated SSH login attempts by several magnitudes!
Data Scientist and Chartered Aeronautical Engineer (MEng CEng EUR ING MRAeS) with over 15 years experience in the Aerospace, Defence and Rail Industry.