It depends on a variety of things.
– Password Strength. If your password is 32 characters with all sizes and shapes of letters, numbers, and symbols, then nobody’s gong to guess it anytime soon. If you can remember it. Usually, people recommend the 8–12 character range, no dictionary words, upper/lowercase, numbers and symbols.
– Timeouts. If someone’s guessing at your password, and your server forces them to wait even five minutes after three failed attempts, then they can only guess three passwords every five minutes. That’s down from sixty or more (probably more) if you let them just keep hammering on your server.
-Hashes. If they have your password hash (the encrypted copy of the password), then they don’t need to try to log in. The password may already be cracked online, as well. If they have a hash (meaning they’ve already had some access), then it makes their job drastically easier.
-Password Rotation. Even a strong password could be guessed after a couple months or so, even if they can’t just hammer against it without running into timeouts. So what if your password changes monthly? Then they’re out of luck when they can’t run a brute force against the server for six months and get a password that still works.
-A little bit of luck. Sometimes, they’ll have to guess a couple hundred million passwords before they get to yours. Other times, they might guess yours after a few hundred. It just depends on how their software is set up.
Hopefully this has been at least sort of enlightening… keep this in mind when you’re setting things up, and your SSH server should be more secure for it.