For an added level of security (despite having strong passwords) I have set up Fail2Ban as a software throttle for attempted logins. On average, about a dozen bots hit the SSH port every hour or so. I can’t close this because I need to leave a window open for remote administration of the headless server, but it would also be a epic fail to be hacked this way.
Get Out of Jail Free Card
The problem with having a strong firewall and a long, complex password, is that sometimes I lock my own computer out of the the SSH admin back end. This means logging in through a different IP or hard line and unbanning myself.
fail2ban-client set ssh unbanip 000.000.000.000 fail2ban-client set sshd unbanip 000.000.000.000