What I did here for a while was run what amounts to a simple shell script that grabbed the IP's of the attacking machines and stuffed them into an IP-level filter against all traffic from that machine. This still allowed the attacker to have 5-10 seconds of fun, but life got really boring for them after that.
-wolfgang
I found an idea that uses the recent module of iptables. Was easy to write and works really well. The first connection gets through but fails because of the public/private key setup and the second connection is dropped. I know that it uses some cpu time and that isn't a consideration on my machine with only one user but after two tries they go away. Before I put the chains into iptables they would attack for as much as an hour or more. I would guess that would use more cpu over time.
Wolf: Thanks again for the instructions on the p/p key setup.