For a scientific project we need to open the SSH port to the internet for some collaborators. Their IPs are not always the same, so we can't restrict access based on the source IP.
My idea to secure it is to always install the latest updates, forbid root login and run SSH on a non-standard port.
Do you have further ideas? chroot?
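
An added example, not part of the original post: a Python check for the two `sshd_config`-level measures named above (root login forbidden, non-standard port). The sample configs and the function name are constructed for illustration. It assumes OpenSSH's documented behaviour: the first value of a keyword wins, `Port` may be given several times, and the defaults are port 22 and `PermitRootLogin prohibit-password`. `Include` files are not followed.

```python
# Added example: audit sshd_config text for the measures named in the post.

def audit_sshd_config(text):
    """Return a list of findings for an sshd_config given as a string."""
    ports, root_login, findings = [], None, []
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue                      # keyword without an argument
        key, value = parts[0].lower(), parts[1].lower()
        if key == "match":
            in_match = True               # a Match block runs to the next Match or EOF
        elif key == "permitrootlogin":
            if in_match:
                if value != "no":
                    findings.append(f"Match block sets PermitRootLogin {value}")
            elif root_login is None:
                root_login = value        # first global value wins, later ones are ignored
        elif key == "port" and not in_match:
            ports.append(value)           # Port may repeat: sshd listens on all of them
    root_login = root_login or "prohibit-password"   # OpenSSH default
    ports = ports or ["22"]                          # OpenSSH default
    if root_login != "no":
        findings.append(f"global PermitRootLogin is {root_login}, not no")
    if "22" in ports:
        findings.append("sshd still listens on the standard port 22")
    return findings

# Constructed sample: the later 'yes' is ignored because the first value wins.
HARDENED = """Port 2222
PermitRootLogin no
PermitRootLogin yes
"""

# Constructed sample: commented-out setting, leftover port 22, Match override.
WEAK = """#PermitRootLogin no
Port 2222
Port 22
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit_sshd_config(cfg) or "no findings")
```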