This is EXACTLY the more reasons to use Lectron to reverse proxy SSH ports, because it will then isolate the SSH port from the public, and the remote proxy of Lectron already blocked malicious ASNs, including North Korean ASN from accessing
So in case the server got compromised, North Korean agents still gets a difficult time actually logging in, then it’s a WIN for sysadmins around the world.
Source post: https://thehackernews.com/2022/09/north-korean-hackers-spreading.html