You didn't mention SSH keys and maybe you already do this, but for the benefit of others trying to secure a public-facing machine, it's best to disable password-based authentication and use ssh keys to authenticate instead. Combined with fail2ban (mentioned by Ben) it's a good way to prevent brute force attacks.
DigitalOcean has a good writeup of how to generate SSH keys and configure a Linux machine to use them.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.