First, the attempts were not on a Linux box but from a Linux box.
Nitpick, but even if it *is* a Linux host, it could be simply compromised, or even someone trying to bruteforce from home.
You can easily free yourself from the SSH attempts by moving sshd to a different port if you must leave it open to the entire internet. Also turning off interactive (password) based logins can help.
I have ssh running on a different -- not port 22 -- port.
I run fail2ban on anything Internet-facing. Nowadays all of my servers listen for SSH on IPv6 only, that has *drastically* decreased bruteforce attempts. Using a different port is of course security through obscurity (as would be relying on IPv6 being hard to scan), but I see it as valid in a layered approach. Thanks, Jonathan