Here, most geeks would wax lyrical about the relative strengths of different encryption schemes and algorithms.
How many bytes does a would-be intruder have to get exactly right?
|Authentication method||Number of bytes|
|Password||Password length (varies, how long is yours?)|
|Alternate Port||Port number (2 bytes, it's a 16 bit value, remember)|
|Port Knocking||Number of ports in sequence * 2 (still a 16 bit value)|
|Single Packet Authentication||2 bytes (the port) plus Max 1440 (IPv4/Ethernet) or 1220 (IPv6/Ethernet)|
|Key Only||Number of bytes in key (depending on key strength, up to several kB)|
You can of course combine several methods (and piss off your users), or use two factor authentication (OpenSSH supports several schemes).