I have a Pi 1 on my local network hooked up to 44net (the ARDC's public access internet via Wireguard). The following is the count of top failed ssh login attempts for each username over about a 3 day period. Attacks started immediately.
143 ec2-user
144 ftpuser
152 nginx
155 ftp
217 debian
218 centos
254 pi
348 solv
381 hadoop
390 git
446 mysql
607 guest
723 ubuntu
782 postgres
863 oracle
880 test
1468 user
2648 admin
@vk6flab I looked at fail2ban and I don't think I need the complexity right now - instead I decided to block all ssh access from the "outside world" through ufw
when I do need to get to the system, I can reach it because there's a subnet router for it on my Tailscale network and I can ssh in that way
the nginx logs are not fun to read! so many paths being probed. so far though, no obvious risk, just hassle, since I'm hosting a single-page website there
@g7soz It's definitely worth a try, but be sure you have firewalls engaged if you route an Internet traffic to your device.
You don't have to route all of the internet - it would make sense to have a less than default route on the tunnel.
Ed W8EMV 
peter honeyman
Onno (VK6FLAB)
g7soz