Pick a good strong password for the OSMC user and set it with
passwd
You should also automatically block access from any IPv4s with repeated fail login attempts. This can be done with fail2ban. You can read more about it here:
geez, if your gonna have it simple enough on port 22 you can expect that sort of things to happen. As Sam said fail2ban is a good start there is also 2-step verification using google services
fail2ban is a start. Something else would be running SSH on a different port than 22, but that comes with several difficulties. Not as destructive but still problematic would be a port redirection configured in your router from incoming port e. g. 39641 to port 22 of Raspi’s IP.
One might even think about using a certificate for SSH and disabling pure password logins.
Anyway, the login attempts are most likely not from actual people but automated scripts scanning whole IP ranges for logins on standard ports.
Changing the port on it’s own is not enough however it will still eliminate 99% of the blind port scanning that is searching for IP addresses with port 22 open hoping to “get lucky”. On a non standard port only someone that was specifically targeting your IP address would bother to scan for a wide range of ports to find an open SSH server.
A good way to deal with this is to use ssh keys to login and disable password login - that way there’s nothing for them to try. Here’s a how-to:
One thing though - once you enable this, you will need your key file to be on whatever computer you login from, but it’s completely passwordless and very very secure.