+1
Denyhosts and a strong password is rock solid. If you are even more paranoid go with public key auth, and allow authorized ssh users only.