An option (to be used in addition to other security measures) is have sshd listen on a port other than 22. I haven't tried it myself, but have heard it reduces the number of pure brute force attacks by bots.
I must emphasize that this isn't real security, just reduces the number of automated brute force attacks. Too much work to check every port I guess.