ubuntu
SKEPTIC, 2019-05-12 09:38:32

Ubuntu 18.04: brute force on port 22?

There is a lot of traffic on port 22 during the night; 10 gigs ran up. I suspect that my VDS is being brute-forced. I found on the Internet how to block an IP in iptables and I enter the command, but the brute force still goes on. The brute force comes from a Turkish IP.


5 answer(s)
Rsa97, 2019-05-12
@Rsa97

fail2ban

Vladimir, 2019-05-12
@vintello

Well, hide it on a different port number,
for example 1022 or another.
manual

Gleb_New_Programmer, 2019-05-12
@Gleb_New_Programmer

If it is a brute-force attack, then iptables will not help. If it were a local computer, you would just set up the router (or firewall) and configure blocking of this IP. There are few options on a VDS: either, as Vladimir said, just put it on another port, or contact the hosting provider and ask them to block incoming traffic from this Turkish IP!

nrgian, 2019-05-12
@nrgian

They are all screwed up.
It is enough to put a server on the Internet, and your port 22 gets brute-forced and brute-forced and brute-forced.

MrGroovy, 2020-11-24
@MrGroovy

Try configuring iptables with the following options:

sudo iptables -A INPUT -p tcp --dport ssh -m state --state NEW -m recent --name SSH_BRUTE --set
sudo iptables -A INPUT -p tcp --dport ssh -m state --state NEW -m recent --name SSH_BRUTE --update --seconds 60 --hitcount 3 --rttl -j REJECT

The parameters limit the number of new connections from one IP address to 3 within 60 seconds, and also check the packet time to live (TTL).
https://ru.wikibooks.org/wiki/Iptables Here you can read more about Iptables and its settings.
To protect against brute force, you can also change the SSH port to a non-standard one (but this is not very effective) or use key access instead of a password. It does not hurt to check for vulnerabilities associated with the operation of application protocols.
There are special resources that can check most vulnerabilities, and at the same time show whether it is possible to guess the password. Offhand try https://metascan.ru
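
To check whether a block or rate limit like the ones suggested in this thread is actually taking effect, it helps to see which addresses are still producing failed logins. The script below is an added example and not part of any answer above; the function name failed_ssh_by_ip and the sample log lines are constructed for illustration (on Ubuntu the real input would be /var/log/auth.log).

```shell
#!/bin/sh
# Added example: rank source IPs by failed SSH password attempts.
# SAMPLE_LOG is constructed (documentation-range addresses) so the script
# runs offline; feed /var/log/auth.log on a real Ubuntu host instead.

SAMPLE_LOG='May 12 03:10:01 vds sshd[1201]: Failed password for root from 203.0.113.5 port 40112 ssh2
May 12 03:10:03 vds sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
May 12 03:10:05 vds sshd[1205]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
May 12 03:10:07 vds sshd[1207]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.5 port 40140 ssh2
May 12 03:11:40 vds sshd[1290]: Failed password for root from 198.51.100.23 port 51000 ssh2
May 12 03:12:02 vds sshd[1301]: Accepted password for deploy from 198.51.100.7 port 50022 ssh2
May 12 03:12:44 vds sshd[1310]: Failed password for root from 198.51.100.23 port 51004 ssh2'

# failed_ssh_by_ip THRESHOLD
# Reads sshd log lines on stdin and prints "COUNT IP" for every source with
# at least THRESHOLD failed password attempts, busiest first.
failed_ssh_by_ip() {
    awk -v min="$1" '
        # The username is supplied by the client and may contain spaces or
        # the word "from", so the address is taken relative to the END of
        # the line ("... from IP port N ssh2"), never by searching forward.
        /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
            hits[$(NF-3)]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample, using the same threshold of 3 as the
# --hitcount value in the iptables rule above.
printf '%s\n' "$SAMPLE_LOG" | failed_ssh_by_ip 3
```

If an address you have blocked keeps gaining new entries here, the rule is not matching, for example because an earlier ACCEPT rule in the INPUT chain handles the packet first.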
