There were 635 failed login attempts since the last successful login.
useradd -s /bin/sh Tom
systemctl restart sshd
You will only get "failed login attempt" messages on accounts that you're actually logging into. Since SSH scanners typically try some common names of people, and also known system accounts like 'root', what that message tells me is that you're logging in as root directly over SSH. You should not do this.
The first thing to do is create a regular user account for yourself and then grant that user sudo rights. Then disable 'root' account login through SSH in the /etc/ssh/sshd_config file (and restart sshd). This will prevent anyone from logging in as root, even if they happen to guess the password.
Further, you should disable password-based logins and only allow SSH keys, however this can be a bit of a pain, so make sure you are comfortable with it before doing that.
You can also change the port that ssh listens on (default 22). This will reduce the noise in the log, but it does not add extra security. The only purpose of doing this is to reduce log noise.
Another option to to disable SSH access from the Internet altogether (block the port at the firewall), but then you'll need a VPN into the firewall before you can access the server via SSH.
You are always going to get scanned if you have a server on the Internet, it's just a fact of life.