Another favorite suggestion is to set your sshd to listen on some alternate port instead of the default port 22/TCP.
People who did so have had a few years of quiet logs, but recent reports show that whoever is out there have the resources to scan alternate ports too.
Once again, don't let running your sshd on an alternate port keep you from keeping your system up to date.
Of course I've ranted about this too:
(2013-02-16) There's No Protection In High Ports Anymore. If Indeed There Ever Was. (slashdotted)