These two settings in your sshd_config will give you the most bang for the buck:
PermitRootLogin no PasswordAuthentication no
Make your users generate keys, add the *.pub to their ~/.ssh/authorized_keys files.
For a bit of background, Michael W. Lucas: SSH Mastery (Tilted Windmill Press 2013) is a recent and very readable guide to configuring your SSH (server and clients) sensibly.