First, I edited /etc/services, and changed the ssh entries to use a new port number. Chose a port above 1000 that isn't in use already.
Second - and this is useful for people using git and ssh outbound - edit /etc/ssh_config and under Host *, add an entry:
Another method uses /System/Library/LaunchDaemons/ssh.plist, but the above is more Unix-centric way. On my system, the ssh.plist has a "disabled" key anyway.