There are a number of good suggestions offered here. I respectfully suggest that three things should make this relatively secure:
- Run the sshd on a random high port. The bots typically only go after port 22 and variations on port 22 like 2222.
- Disable password based authentication in the sshd config:
UsePAM no
- Only authenticate with this site via pre-shared SSH key pairs. Man on ssh-keygen to get started with PKI based authentication.
Hope this helps.
