So, there is basically nothing you can do
you need to have SSH with password enabled, can't control source IP as this id dynamic and ask to block IP addresses
I'm a bit confused here.
Investigate fail2ban further as this is most likely the only (or similar) way to automatize something.
I would also look twice at Rob's advice and set up VPN tunnel between your 2 servers in order to implement rsync within this tunnel.