How are you preventing SSH bruteforce on Linux?

It is often advised to change SSH port, setup SSH key based access and disable password based access.

What are other options?

I am using denyhosts to block bots that are trying to bruteforce into the server via SSH (

Someone is using fail2ban instead of denyhosts (apt-get install fail2ban)

Third option can be to block IPs with excessive SSH login attempts by executing commands:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT
iptables -A INPUT -m recent --update --seconds 600 --hitcount 8 --rttl --name SSH --rsource -j DROP

Also using passwords which parts are not based on dictionary words. Preferably randomly generated, mixture of the alphanumeric, 12 characters+