I found just white listing cidrs from your country the most effective way to reduce this log spam. I only use keys anyway so the attempts are pointless.

For as long as I can remember, open SSH endpoints have been subject to password scan attacks from random corners of the internet. It’s just how life is.

I was exited to read about the recent surge of brute force attempts I received from IPs my fail2ban has not previously seen, but this is just a generic piece from 6 months ago :(