...
Now, obviously we should be able to limit SSH access to important systems by enforcing key-based authentication and / or Multi-Factor Authentication (MFA) based on TOTP (Time-based OneTime Pad) for example. MFA authentication for OpenSSH on OpenBSD doesn’t seem to be a viable option today, though.
fail2ban
...