Since than I disabled root login and login with password. Now it is unbreakable:)
Also it killed the joy out of it as I can't watch the logs rolling as the attacker trying to break in:/
I'm surprised how fast I got the first attemt of break in. The server was only running since 2-3 days...
Yeah, we've only had ours up for a few weeks as well and same thing. I've enabled 2FA for web access and we've generated SSH keys for each login. Very amusing to watch them attempt to break in.