I open this debate because the truth is that I always ask myself the same thing and google does not have the answer.
Because whenever I create an instance in DigitalOcean there are constant failed accesses from different countries to my droplet? This is something that does not happen either in Linode or Vultr, in addition to OVH and other suppliers, but it only happens here.
I do not worry about the fact that they try to enter since I have perfectly configured the fail2ban and the sshd but even so it has always seemed quite strange to me this literally “DoS or DDoS” to the SSH port. Does anyone have any explanation for this? It’s pretty weird.
I doubt that the DigitalOcean monitoring service uses SSH with the VPS configuration data because despite that they are still updating.