Another little tidbit you can use in addition to fail2ban is to just change the SSH port. I generally use something in the 2000 range - 2022, 2222 etc. That way your poor VPS isn´t even handling all the people knocking on your SSH door.
I don't agree with this. A simple nmap is enough to find the SSH port. This will get you in trouble when you're on a network which blocks port. The ssh port is often open (at least if it's an establishment where programmers work) and a port like 2022 is not.