Running a server in the public requires some additional work. Especially if you want management access via SSH for Ansible or if you want break stuff manually with fiddeling around :)
You can run an SSH audit of your public server using https://www.sshaudit.com. This section here is a very condensed way to get an A rating.
Just use strong host key for authentication of the host
# file: /etc/ssh/sshd_config HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_rsa_key Delete existing keys and re-generate the RSA and ED25519 keys