I've exposed SSH over tor in the past, so I can at least get into the box to set up a workaround like this if needed. (usually ddns/DMZ setup being broken)

Never had many login attempts that weren't me through it, but had fail2ban installed just in case.