1.close unncessary ports
2.use iptables for packet filtering
3.use tcp wrapper, making /etc/hosts.deny to ALL:ALL then /etc/hosts.allow ,allow specific IPs only to connect.
4.don't permit root login on ssh
5.use strong passwords
6.you can try also change ssh port, let say make it 8022
7.patch your system
BTW,what's your firewall? If you can close ssh in public access, instead accessible only via VPN much better