Keep Them Out, Keep Them Guessing

Here, most geeks would wax lyrical about the relative strengths of different encryption schemes and algorithms.

Being a simpler mind, I prefer a different metric for how good your scheme is, or effectivness of obfuscation (also see entropy:

How many bytes does a would-be intruder have to get exactly right?

Authentication methodNumber of bytes
PasswordPassword length (varies, how long is yours?)
Alternate PortPort number (2 bytes, it's a 16 bit value, remember)
Port KnockingNumber of ports in sequence * 2 (still a 16 bit value)
Single Packet Authentication2 bytes (the port) plus Max 1440 (IPv4/Ethernet) or 1220 (IPv6/Ethernet)
Key OnlyNumber of bytes in key (depending on key strength, up to several kB)

You can of course combine several methods (and piss off your users), or use two factor authentication (OpenSSH supports several schemes).