Basically, we have bots attempting to crack us daily. And this is a site that's done very little publicity and isn't really known at all throughout the Internet. The crackbots started even before we officially launched.
I'll probably implement the denyhosts tip on our box, along with disabling root login for SSH. But this should highlight the importance of using difficult-to-guess non-dictionary passwords. You will be attacked; don't make it easy for them.
I think there is a better way. Disable ftp, telnet etc. Disable everything not needed (just leave web server, postfix and sshd running) and disable root account and disable SSH password authentication completely and choose key authentication instead. You will never have to worry about someone running a cracker.
Ideally use a VPN connection to get into your internal network and firewall off all outside access.
Your goal should be to prevent anyone from ever connecting to your sshd process at all. If they can do that you're in danger. Make it listen on a different port, so you're not the easiest target and use iptables to block access to all but your office/home ip range. Various forms of port knocking to poke a hole in the iptables firewall can be used to allow mobile access, etc.
A nice variation on this theme is PortSentry, a portscan detector. I have it configured so that whenever it detects a portscan, it'll blackhole that IP for a few hours.
I'll probably implement the denyhosts tip on our box, along with disabling root login for SSH. But this should highlight the importance of using difficult-to-guess non-dictionary passwords. You will be attacked; don't make it easy for them.