Your server is probably hacked.
When you installed server did you use default password?
Looks like there is bots scanning VPS providers IP ranges, for hosting panels default ports and passwords. When find vulnerable panel they add ssh keys to get access to your server.
To avoid this always set password your self, change default port and disable root login.
100% correct, I didn’t change the password 1234567 - that bot found it so quickly.
Only was running for 12 hours so it must have found the IP running CyberPanel within max 24 hours.