I've seen idiots attacking ... via the SSH connection,
FWIW, I've put all my public SSH ports on non-standard port numbers. It's
pretty much eliminated all the attacks.
I think most of these attackers are bots and script kiddies, and they only
try the well known ports.
Bob