An alternative solution to this problem is simply not having an SSH daemon available on your
public IP address.
I only permit ssh access from either my internal network or from a VPN link. (OpenVPN, since
IPsec is too horrible for words to configure). Since I only need ssh access from a limited
number of computers (two: my computer at work or my laptop), having them setup to establish a
VPN connection and run ssh through it is not a problem.
Apart from keeping SSH off the public IP, the VPN connection also allows me to access other
ressources - e.g. I can nfs mount my home directory from a remote location through the VPN
link, which does come in handy at times.