The same way you do it, assuming you use port forwarding. If you try to login to your raspberry from remote, maybe even with a false password, you should see a very similar line in auth.log.
Of course, you will connect to your public IP address which is assigned to the external interface of the router. I assume that you established port forwarding in the router, so that any connect to a specific port on your public IP address will be forwarded to the raspberry. In this specific case, I assume you forwarded port 22 in the router to be forwarded to port 22 of your raspberry.
The way the guy behind the other IP address went is the same and probably like
- scanning the internet for hosts which have ports open
- running a tool which
- connects to that host and port
- tries to login with password lists
Or maybe he does it manually and fires up his ssh client, connects to your public IP address, port 22, which will be forwarded to the raspberry, and simply tries common username/password combinations (pi/raspberry, root/root, ...).
To avoid that you can
- configure sshd to use private/public key authentication, not password authentication
- tell your router to forward a different port (e. g. 2222) to port 22 of the raspberry. Be sure to adjust your (remote) ssh client so that you can still connect.
- install
knockdand knock the port open before you want to use it - install
fail2banto block unauthorized IP addresses
(for a little more detailed overview of the mentioned methods please also see here.)