I would start by figuring out who does not need to connect, and blocking those first. The main culprits for attacks seem to be China, parts of Africa, North Korea, and former Soviet Republics. Block those if you have no reason for incoming connections from those areas. Also make sure that you run SSH on a non-standard port, and use certificates. Also check into 'denyhosts'. It will allow you to block connections from an address after a specified number of failed login attempts. You can do the same thing with iptables, but denyhosts simplifies the process. Their config file is pretty self-explanatory.
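The failed-attempt blocking described in the post above, as an added example that is not part of the original post and is not DenyHosts' own code: it counts failed password logins per source address over constructed sample log lines and emits `hosts.deny`-style entries. The threshold, the allowlist parameter and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (documentation IP ranges).
# The last line has a username crafted to contain " from <ip> port 1 ssh2".
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Jan 10 03:14:06 host sshd[812]: Failed password for invalid user test from 203.0.113.5 port 40114 ssh2
Jan 10 03:15:10 host sshd[820]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jan 10 03:15:20 host sshd[820]: Accepted publickey for alice from 198.51.100.7 port 51001 ssh2
Jan 10 03:16:00 host sshd[830]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 192.0.2.9 port 52000 ssh2
"""

# Anchor the address to the END of the line. The username is remote-controlled
# text, so only the trailing "from <ip> port <n> ssh2" written by sshd itself
# is trusted; the greedy ".*" swallows anything the client put in the name.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def count_failures(log_text):
    """Return a Counter of failed password attempts keyed by source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line.rstrip())
        if match:
            counts[match.group(1)] += 1
    return counts


def hosts_to_deny(log_text, threshold=3, allow=()):
    """Addresses at or over the threshold, minus an allowlist (hypothetical
    parameter) so a mistyped password cannot lock out an admin address."""
    counts = count_failures(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allow)


def hosts_deny_lines(ips):
    """Format addresses as TCP-wrappers hosts.deny entries for sshd."""
    return [f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    for entry in hosts_deny_lines(hosts_to_deny(SAMPLE_LOG)):
        print(entry)
```

With the sample input only 203.0.113.5 reaches the threshold; the crafted username on the last line is attributed to its real source, 192.0.2.9, rather than to the address embedded in the name.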
Originally Posted by shakeshuck