Another thing you can do, if you only log in from certain IPs (this doesn't work so well if you need to log in from all over) is set up an iptables rule to block requests to port 22 unless they come from a specific IP...
It looks like this:
Code:
$IPTABLES -A INPUT -p tcp -i $WAN -d $SOURCE_IP --dport 22 -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED
There's also a ssh bruteforce killer in iptables:
Code:
$IPTABLES -A INPUT -p tcp -i $WAN --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
Which basically says that if there are 4 attempts in under 60 seconds to port 22, then start dropping requests from that IP.