The comments around the last OpenSSH issue (CVE 2016-0777, you must read excellent Qualys’ analysis if you’re interested with the details), I noticed that many people were not aware of some basic features of OpenSSH. I will attempt to give a few advises, prioritized in feasibility order, and with graphical annotations:
Very easy to set up.
Requires a lot of work to set up.
Will provide you some protections against difficult attacks.
Will protect against very simple or effective attacks.