You can reduce the amount of failed-attack messages in your logs with PF stateful tracking options.
You can also reduce the number of authentication attempts for any connected session with sshd_config(5) MaxAuthTries. If you set that to 1, for example, a failed attempt will disconnect the session. An attacker who reconnects to attack again may then be blocked by stateful tracking rules.
My public facing servers always have these three options set in sshd_config.:
Code:
PasswordAuthentication no
ChallengeResponseAuthentication no
MaxAuxTries 1
Challenge/Response on OpenBSD is S/Key one-time-pad authentication. At one time I used S/Key with SSH clients on public kiosks or borrowed workstations. (See skey(1), skeyinit(1), and skey(5) for details.)