Never allow root SSH access, and make sure all users are disabled except the ones you want. I use KUser (the KDE User Manager); all users are disabled by default except root and your login username.
If your clients do not have SSH access (web hosting, for example), a good way to secure your box is to run SSH on an unknown port and IP, so that people do not know your SSH port and so can't brute-force it.
Your current config file will look something like this (scroll down to find these lines):
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
They are all commented out with the #. You should change the port number away from port 22; this port will be used in future to access the server. A random port which has significance to you, but which people won't guess, is a good choice. For this tutorial I will use port 2202 (the time of writing this tutorial). Remove the hash to uncomment the line and change 22 to the new port. This part of the file will now look like this:
Port 2202
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
As the internet evolves, so do the protocols and the programs that use them; as such, SSHv2 was born. You can force clients to use SSHv2 for greater security. This is simple to do: edit the file and find the line:
#Protocol 2,1
and simply change it to
Protocol 2
Note: On a default Fedora 8 install, Protocol is already uncommented and set to 2.
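To confirm the edits above actually took effect, the following added example (not part of the original tutorial) parses an sshd_config and reports which of this page's hardening steps are still missing. The function names are hypothetical; it assumes "never allow root SSH access" maps to the PermitRootLogin directive, treats an unset Protocol as 2,1 as in the sample defaults above, and ignores Match blocks.

```python
import re

# Constructed sample: the page's edited config, Protocol still commented out.
SAMPLE = """\
Port 2202
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
PermitRootLogin yes
"""


def parse_global(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    multi = {"port", "listenaddress"}  # keywords sshd accumulates across lines
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        key = key.lower()               # keywords are case-insensitive
        if key == "match":              # conditional blocks are out of scope here
            break
        if key in multi:
            settings.setdefault(key, []).append(value)
        elif key not in settings:       # for other keywords the first value wins
            settings[key] = [value]
    return settings


def audit(text):
    """List the hardening steps from this page that the config does not apply."""
    cfg = parse_global(text)
    findings = []
    if "22" in cfg.get("port", ["22"]):
        findings.append("Port: still listening on 22")
    # Assumption: an unset Protocol means 2,1, as in the page's sample defaults.
    if "1" in cfg.get("protocol", ["2,1"])[0].split(","):
        findings.append("Protocol: SSHv1 not disabled")
    if not set(cfg.get("listenaddress", ["0.0.0.0"])).isdisjoint({"0.0.0.0", "::"}):
        findings.append("ListenAddress: bound to all addresses")
    if cfg.get("permitrootlogin", ["unset"])[0].lower() != "no":
        findings.append("PermitRootLogin: root login not disabled")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against a copy of the live file by passing the file's contents to audit(); an empty list means all four settings are applied in the global section.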
PAM is a way of blocking IPs and users based on certain rules. For example, after 3 bad password attempts from some guy in China, block his IP for, say, 5 days... See Install PAM on Fedora.
When I was trying to create an authorized login to another user, like ally, it kept failing; it always asked for a password and would never just log in automatically. After reading /var/log/auth.log I noticed:
Authentication refused: bad ownership or modes for directory /home/ally