SSH (Secure SHell) is a common tool for setting up a “VPN tunnel” using port forwarding, or secure remote access to the command line; thus it is not uncommon for servers providing SSH connections to be directly accessible from the Internet.
Hackers are constantly testing defenses looking for configurations that missed something important and therefore allow access. SSH daemon configurations that improperly turned off keyboard-interactive logons but forgot to enable the “ChallengeResponseAuthentication no” are being attacked.
From SANS: