When I entered one of my server instances on DigitalOcean via ssh I was shocked to discover there were almost half-million unsuccessful login attempts. That was definitely a cracking attempt going on. And I must confess my setup was not the strongest. So here are the remedy options:
Just in case: Make sure you have non-ssh way of accessing your server console. DigitalOcean provides its own console to each Droplet. To get there: Click on your Droplet, Access, - big green button "Launch Console". Once you get to your box via non-ssh console (aka VNC), you are free to experiment because you do not depend on the ssh as your only life-line anymore.
Now, from the VNC terminal, logged in as root, you may stop the sshd - an attacker won't be able to brute force a service which is not running. sudo service sshd stop - DO NOT DO THIS COMMAND UNLESS YOU HAVE NON-SSH ACCESS.
If you've got an attack on a particular user name, then disable password access for that user, make it auth-key only, and limit number of access attempts.
Better yet, create a new user instead, with less trivial name for the future access, so it has less chance of being in attacker's dictionary.
Edit sshd config as necessary
To slow them down you may also throttle auth requests in the firewall, e.g. iptables.
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A SSHATTACK -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --dport 80 --state NEW -m tcp -j ACCEPT -A INPUT -p tcp -m state --dport 22 --state NEW -m recent --set -A INPUT -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited