super easy solution:
edit your /etc/ssh/sshd_config file
change your ssh port to any non standard port so it isn't detected by every port scanner that passes over your subnet
you will need to just add the -p flag when you log in to tell your client what arbritary port you moved the server to. Pick something that no standard services run on of possible
DISABLE ssh v1
disable root login, or better yet restrict it to ONLY the user or users that you log in as. DEFIANTLY DISABLE ROOT LOGIN
You should see your break in attempts drop to next to nothing once port scanners start seeing a closed or stealth port 22.
Security by obscurity is stupid, but so is actively advertising that you have something to break into. By hiding your already secure service, you only make things better