Install fail2ban ?
Change port?
Set up port knocking?

1. Use a firewall ;
   
2. Change the port on which the SSH server is running. From the 22nd to some 3184th ;
   
3. Use SSH keys instead of passwords.
   

Deny all but IP address 1.2.3.4 TCP connection on port 22
PS - eth1 is the address of your network card, it may not match yours.

If your “Internet falls off on VPS” precisely because of brute force, ddos ​​also arrives there, and here the VPS settings will not help in any way, since the brute clogs the channel to the server. Alternatively, you can try putting www.cloudflare.com in front of your VPS, I don’t know if they still have a free plan.

everyone has such garbage,
1) disable all web resources such as ssh, ftp, etc
2) use a program to configure,
3) put access on the web face only from LAN, for example, specifying 192.168.1.0 only the local subnet
4) port knoking
also roll and advice above
p.s. after I set access to everything only from LAN, they began to climb into the vpn tunnel :)
because only one port to the Internet is open ....

For this, I set up denyhost for myself, made a key for ssh access, I enter only by key, and disabled access to ssh with a password, and in denyhost I registered that anyone who knocks at least once with a password in ssh will be banned. I monitored for a week who was breaking, when the list exceeded 300 ip, then I stopped monitoring, it just works by itself.
And this is taking into account the fact that the server is private and only I know about it, there is not even a web muzzle, just for the service.