fail2ban monitors logs and bans IPs after too many failed login attempts. Configure maxretry and bantime in /etc/fail2ban/jail.local. Check active bans with fail2ban-client status sshd. Whitelist your own IP.
fail2ban — Block Brute-force
sudo apt install fail2ban
sudo systemctl enable --now fail2ban
# Config: /etc/fail2ban/jail.local
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 3600
sudo fail2ban-client status sshd
sudo fail2ban-client set sshd unbanip 1.2.3.4