If all they are doing is the usual BS ssh sniffing, run sshd on a non-standard port.... I usually run mine on something like 2280, that way its easy to remember but wont get scanned since the kiddies dont seem to do an actual nmap. From what Ive seen, all they really do is IP a netblock range and run a script that looks for a session connection and once it finds one, does dictionary scans with common names like "test" and then regular names. or another thing you can do, is use shared key auth. just an idea.
I was getting blasted with these bot scans/connects to sshd port, and then all I did was change port to 222 in sshd_config and the logs don't have any scans/connects to this port other then me. I think changing the port would probably help, with blocking ips. I think changing the port will make considerable differences in the attacks.
Thanks,
Jonathan