For those of you not already doing so:
- Limit the Source IPs in your external SSH rules
- Install SSH keys and do not allow logins without keys
- Rate limit connections as indicated in the forum.
All the tools to limit your exposure to SSH bruteforcing are in place, its up to you to use them.