breaking the top-post....
Hello I'm running a TOR relay, every time I SSH to my server I see a message that there were thousands of failed login attempts Do you see this message too?
This is one of those issues that you figure out your own preferred method over time as you run public services over the internet.
First, where do you see the message? Not sure about your operating system, but if it's dumping the failed logins to your screen on you're on a Unix-like operating system, you should probably check your /etc/syslog.conf. Dumping failed ssh logins to a file like /var/log/authlog makes more sense.
Second, make sure you're following the basics with SSHD security. Require keys or Yubikey etc and don't rely on password security for SSH access.
You could consider fail2ban and similar tools, but consider either your host-based firewall or better yet, an upstream network firewall. Rate-limiting SSH attempts, blacklisting based on bogon addresses, etc, will bring you part of the way.
IMHO, the less third-party software you install on a Tor relay, the better off you are. More code means more surface area and more bugs.
The standard tenet of "there's no security with obscurity" rings true, but we're talking about log noise here, not security. Therefore, you might want to consider changing the TCP port SSHD is listening on. It will likely decrease the noise level.
The great secret SSHD security hack that I feel uncomfortable mentioning on a public list is... do SSH over IPv6 if you can. Seems like the bots haven't caught up to that yet.
g