This will show you all logins excluding your IP address.
last | tac | grep -v YOUR-IP-HERE
Check for password changes and cross reference with the login attempts
history | grep passwd
Finally run a whois based on the suspicious IP address. Now this isn’t fool proof, it’s very easy to fool your location however it should give you an idea if your system has accepted potentially dangerous connections. I recommend locking SSH down to IP address.