One thing I rarely find mentioned in these docs, but that I personally think is handy, is the
AllowUsers field in sshd_config. If you set it up to allow only your own account then you
don't need to worry about weaker passwords on other accounts (my kids both have accounts on my
Linux system and they can't be bothered to remember complex passwords).
I'd love to use a different port but I can't: my company has a very strict firewall that
allows only ports 22 and 80 _outgoing_ (I know, right?), so if I change my port I won't be
able to get in from work. Same issue with port knocking and similar solutions.