I am pretty surprised to find out this is happening when I was debugging my L2TP/IPSec tunnel: someone is trying very hard to guess my root password over SSH. A quick check proved to me that my private cloud is under attack too.
The attacker is trying their ass off logging into my server as root using password authentication. If they managed to do this my server would be gone.
The common solution of this is to use fail2ban/iptables to firewall off offenders. I am still investigating possible alternatives.