Couple things:
A brute force SSH attack will take about 6.02E23 years if you use a good password. It will take significantly longer if:
1. You haven't loaded sshd, which most desktops do not by default
2. You do not use a predictable login ID (such as root; logging in as root has been a bad idea for at least a decade)
3. You do not allow the internet at large access to your sshd daemon. I personally know of zero *nix installs that do.
That's the good news. The bad news is there are countless hardware devices that use some flavor of *nix, many of them do end up on public IPs, and their owners have zero clue that sshd is not only enabled, it's enabled with a default password. If the OS is writable (many are not) you're not just low hanging fruit, you're laying on the ground.
