I'm too lazy and too stupid to put in denyhosts or any of the other anti-guessing software, but I have put in a 7-second delay on password-authenticated SSH logins, as per http://www.aerospacesoftware.com/howtos/ssh-kiddies.html That makes my sshd less a honeypot and more a tarpit.
I also put in an output line so I can see what passwords they're guessing.
FWIW, denyhosts and mod-security don't seem to require any real additional configuration beyond just installing them on Ubuntu 10.10 (and copying the example config for mod-security from /usr/share/doc/mod-security-common/examples).
I also put in an output line so I can see what passwords they're guessing.