This is an interesting point. Imagine if you put a fake SSH agent on 22, it responds just like SSH but never allows a login. Would it make it even less likely that someone would bother trying another port?

Obviously the next step here is a fake SSH agent that allows logins to a little sandbox.