A bit more than a year ago, I hardened my SSH server, which resulted in the near-disappearance of automated SSH login attempts. Alas, the script-kiddie tools have finally caught up with the current state of cryptography; or at least with the level of cryptography that I dare require, and still maintain compatibility with most devices that I use.
Fail2ban, although dormant all this time, still ran like the ever-vigilant Argos, and resumed its usual work as the attacks came back. But I do not like relying solely on fail2ban. So I decided to add port-knocking as a protection.