This is probably obvious but what about firewalling off port 22 on the perimeter ahead of the switch(es)?
You could also use set system services ssh rate-limit <1..250> to slow things down at least.
Ultimately, aside from filtering out port 22 ahead of the switch(es), the best setup would be a routing engine filter to limit SSH to a known set of IP addresses/networks.
I would imagine that somewhere in the underlying BSD guts of Junos you could modify the SSH port but I wouldn't recommend this as it could break things in unexpected ways if other part of Junos expect port 22 to be SSH.