[deanhills]

true . most of the bot assume the ssh port is 22 . by changing it basically we bypass that bot assume . there still bot that scan through port but that is rare and most of this kinda bot stick with port 22 . changing the port is important .

Having said that I think I'll need to do more than just change my port.  Last night when I was working on my HostUS paid VPS - first time in a few weeks - I noticed I've been bombarded with login attempts again.  Not sure what I'm going to do this time round as keyless doesn't seem to do the trick as when it locked me out of my VPS when I used it a few weeks ago I had to reload the OS to get out of the dilemma.  There has to be other ways of course - will figure something out.

[Kururin]

I think SSH Key is a must, and use firewall mostly. Close off ports that gets abused often then the bots will have no access to it. Instead they will be blocked. Also invest on a DDOS solution if its really bad

[Littlemaster]

Thank God, I had no such issue to my VPSs, I blocked bot logging in attempts by changing port of ssh, you may try to add some honeypots to fool the bots if all other thing fails to work, if possible ask your host to get a new ip for yiu. Some ips are shared across the web and bots have these ips in their hit list, avoid sharing ip details.

[sagher]

Whenever you got new vps just search the topic "how to protect your vps" the most common thing is safe your SSH port by changing it from 22. and the second is make user on your linux os and use sudo command. not access it directly with root access. and the 3rd is to configure iptable is your desire. one easiest software is "ufw" you can install it with the command of "apt-get install ufw" and open only specific ports you need to be...
if you like to make a private vpn network then make it strong password protected. and for ddos protection, use cloudflare services.