[Vivtek]

Damn. Why didn't I ever think of that? I'm doing that tomorrow.

[dugmartin]

Remove root login over ssh and disable password logins and you are good to go. If you want to get fancy Google for ssh port knocking.

[mrduncan]

disable password logins

I can't emphasize this one enough. Unless you need to login from a lot of different machines, there really isn't any excuse not to do this. It also has the bonus of making logins really easy since you don't have to type a password.

[InclinedPlane]

If you host your systems on a VPS service like linode or slicehost then you have the backup of a web based console in case you screw up royally and have a HD crash on the one machine your SSH key was on (for example).

[KTamas]

Heh, port knocking looks cool, might do that just for the heck of it on a server that only I use.

Also, yes, among with changing the port the only way that should be possible to get in is through 'keys.