I highly recommend you disable root access, change SSH Port, and disable password authentication. These are all done in sshd_config.

You will want to setup an ssh key (I recommend the newer standard ed255190) and only allow access via ssh key.

I would also install Fail2Ban, and customize it for the new SSH port.

If you don't already, make sure you have iptables or ufw firewall enabled and properly configured.