Why do we get a high number of failed login between SSH sessions?

Because automated bots usually try weak passwords to break into servers.

There’s no reason to prevent this, but it’s why you must use strong passwords and preferably SSH key authentication.

it’s automated login attempts. Like above I’d suggest using Key Authentication for SSH logins

As well as installing “Fail2Ban”

sudo apt-get install fail2ban

Its a program that looks at your log files and whenever it sees a certain number of failed login attempts it will ban the IP address for a set amount of time.

It’s in most Linux repos as standard and will look for failed SSH logins out of the box so not configuration is required.

You can set it to monitor other services on your server from failed login attempts but SSH should be the only one you require.

For more info here is the programs wiki : http://www.fail2ban.org/wiki/index.php/Main_Page

Move your sshd service to listen on a non standard port. It’ll be no more (or less) secure but it gets rid of the endless log entries caused by the automated bots trying to brute their way into anything they can find on any server running on the standard port.

If you start seeing numerous failed attempts on your non standard port, that could be a cause for concern.

As above set Key Auth only for ssh and disable root ssh access. Most bots seem to try to brute force ssh on port 22 with a username of root and look for password auth. So taking away the password factor, the root factor and the port factor - you’ll probably find you end up with zero failed attempts.