Ssh – Too many sshd related processes in Centos 7


When I run the ps aux command on my CentOS 7 machine, I see about 100 entries like these:

root     19862  0.0  0.0 151692     8 ?        Ss   Oct09   0:00 sshd: unknown [priv]
sshd     19864  0.0  0.0 105068     0 ?        S    Oct09   0:00 sshd: unknown [net]

I'd like to ask whether this is normal, or is my system under some kind of ssh brute force attack?

Thanks!

Best Answer

Yes, this is normal. sshd opens 2 new processes for each user currently trying to authenticate.

Yes, it very likely indicates someone attempting to authenticate to your server who was not meant to. If not, one look into your /var/log/auth.log should point you to the server in your network that has a deprecated cron script running.

Rule of thumb: If you are concerned that someone might break in, then the issue is not people trying to break in! Instead, ensure that nobody will ever succeed brute-forcing.

You can tune your sshd config to somewhat restrict how many system resources are spent dealing with these. But the defaults should be fine for anything but the thinnest servers; it's really not that much of a problem.

# Disable unused authentication methods
#  !! ONLY DISABLE PASSWORDS IF ALL USERS LOG IN USING KEYS !!
PasswordAuthentication no

# If the above is true, also limit the time users have to present
#  their authentication
# If there are no passwords typed, something <60 seconds is reasonable
#  !! DO NOT SET TOO LOW! USERS MAY STILL NEED TO UNLOCK THEIR KEY/CARD !!
LoginGraceTime 120

# Limit how many times a user can attempt to authenticate per connection
#  !! Users who initially try the wrong key or invalid method will
#  !! first need to configure their ssh client properly,
#  !! else they will be locked out if this is too low!
MaxAuthTries 6

# Limit the number of concurrent unauthenticated connections (start:rate:full)
# once 10 connections are still authenticating, refuse 30% of new ones,
# rising linearly until all new connections are refused at 100
#  !! one may even argue leaving this high is helpful, because
#  !! an attacker needs more resources to prevent legitimate connections
MaxStartups 10:30:100

You can also move your sshd to another port, which will greatly reduce the number of people trying. I do not recommend doing that: it does not improve security, and it makes things more complicated.
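The answer above says the log will tell you whether the extra sshd processes come from an outside brute-forcer or from a box on your own network with stale credentials in a cron job. Here is an added example (not part of the original answer) of the triage a practitioner would do on that log: it counts failed logins per source address, notes how many different usernames each address tried, checks whether the address is RFC 1918 private, and tests whether the attempts arrive at a fixed interval, which is the fingerprint of a scheduled job. The sample log lines are constructed to mimic the format CentOS 7's sshd writes to /var/log/secure (the rsyslog destination on CentOS/RHEL; /var/log/auth.log is the Debian/Ubuntu name); they are not real data, and the classification thresholds are assumptions chosen for illustration.

```python
"""Summarise sshd authentication failures per source address.

Added example: given syslog-style sshd lines, count failed logins per
client IP, record the distinct usernames tried, flag RFC 1918 sources,
and detect attempts spaced at a fixed interval (typical of a cron job
with an outdated key or password). Thresholds below are assumptions.
"""
import ipaddress
import re
import statistics
import sys
from collections import defaultdict
from datetime import datetime

# Constructed sample, not real log data. 203.0.113.45 walks through several
# usernames in quick succession; 10.0.0.7 fails for one account every 5 minutes.
SAMPLE_LOG = """\
Oct  9 03:12:01 web1 sshd[19862]: Invalid user admin from 203.0.113.45 port 51234
Oct  9 03:12:03 web1 sshd[19862]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Oct  9 03:12:04 web1 sshd[19870]: Failed password for invalid user oracle from 203.0.113.45 port 51240 ssh2
Oct  9 03:12:20 web1 sshd[19880]: Failed password for root from 203.0.113.45 port 51250 ssh2
Oct  9 03:15:00 web1 sshd[19901]: Failed password for backup from 10.0.0.7 port 40022 ssh2
Oct  9 03:20:00 web1 sshd[19955]: Failed password for backup from 10.0.0.7 port 40031 ssh2
Oct  9 03:25:00 web1 sshd[20012]: Failed password for backup from 10.0.0.7 port 40040 ssh2
Oct  9 03:26:11 web1 sshd[20020]: Accepted publickey for alice from 10.0.0.12 port 53001 ssh2: RSA SHA256:abc
"""

# syslog prefix: "Mon dd HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$"
)
# "Failed password for [invalid user] NAME from IP port N ssh2"
FAILED_RE = re.compile(
    r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_log(text):
    """Return {ip: {"failed": n, "accepted": n, "users": set, "times": [datetime]}}."""
    per_ip = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set(), "times": []})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog lines carry no year; strptime fills in 1900, which is fine for
        # the interval arithmetic below (avoid this trick around Feb 29).
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        msg = m.group("msg")
        f = FAILED_RE.match(msg)
        if f:
            rec = per_ip[f.group("ip")]
            rec["failed"] += 1
            rec["users"].add(f.group("user"))
            rec["times"].append(ts)
            continue
        a = ACCEPTED_RE.match(msg)
        if a:
            per_ip[a.group("ip")]["accepted"] += 1
    return per_ip


def is_periodic(times, tolerance_s=5):
    """True when >= 3 attempts are spaced at (nearly) the same interval."""
    if len(times) < 3:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return min(gaps) > 0 and statistics.pstdev(gaps) <= tolerance_s


def classify(ip, rec):
    """Assumed heuristics: username spraying vs. a scheduled internal retry."""
    if len(rec["users"]) >= 3:
        return "brute force (username guessing)"
    if ipaddress.ip_address(ip).is_private and is_periodic(rec["times"]):
        return "internal host retrying on a schedule (stale cron/script credentials?)"
    if rec["failed"] >= 3:
        return "repeated failures, investigate"
    return "noise"


def summarize(text):
    """Per-IP report for every address with at least one failed login."""
    report = {}
    for ip, rec in parse_log(text).items():
        if rec["failed"] == 0:
            continue
        report[ip] = {
            "failed": rec["failed"],
            "users": sorted(rec["users"]),
            "verdict": classify(ip, rec),
        }
    return report


if __name__ == "__main__":
    # Pass a log file path to run on real data; otherwise use the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for ip, r in sorted(summarize(text).items(), key=lambda kv: -kv[1]["failed"]):
        print(f"{ip:16} {r['failed']:3} failed  users={','.join(r['users'])}  -> {r['verdict']}")
```

Run it as `python3 sshfail.py /var/log/secure` on the affected host. An address that cycles through many usernames is the Internet background noise the answer describes; a private address failing for one account at a regular interval is the "server in your network with a deprecated cron script" to go fix. To confirm which of the sshd_config values above are actually in effect, `sshd -T` prints the effective configuration.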