Ronen,
I agree with Ruben.
Regarding that connection, if it was inbound, they may have successfully logged into a device. Its Command Server may simply be maintaining the connection, testing SSH tunneling, seeing if it does X11, Secure Copy, etc.
*If it's a hosted VPS service and SSH Keys are allowed for login, make sure YOU MADE FRESH KEYS for your VPS' SSH Server. If this is a state actor (or even another customer in the same company), they may have your private SSH key.*
*And in fact, if you determine you've been logged into, you may wish to start with a fresh install/VM. *
**
73,
- Lynwood KB3VWG
What is not understand to me is what is the purpose ... If it is a robot what is the point of fluddling SSH connections is it brute force ? or anything else ? and how come that after 24 hours it stopped it supposed to be endless loop if it is an automated process