Move the port to a high port. Install fail2ban and set it to ban quickly. The downside of that is if you fat finger your login more than a couple of times it might ban you. I have whitelist on mine of the IP addresses I know I will be logging in from. I also run TCP wrappers which far too many people screech about it being depreciated. it works and also if set up properly logs all login attempts. I get about three or four a month on my random high port. Of course most of this depends on you trying to gain access from known addresses or subnet.

I only have the ssh login as a backup. I run wireguard with the ports set to something other than the default port. It allows me to gain access to my home network quickly. While its always possible there might be some bug that would allow someone to access it in the future it works as well as any other solution.

Nazi cucks at the moment.

I was trying to work out what the joke was/why Wahlberg was replaced.

It must have been something happening.