Securing Sshd

Mine is openssh-server, but what I'm going to secure is standard, so read:

I will edit my main sshd

ocm@achtung:/etc/ssh$ sudo vi sshd_config
# What ports, IPs and protocols we listen for
Port 9922
#Port 9922
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress 192.168.56.101
#ListenAddress 0.0.0.0
PermitRootLogin no
#PermitRootLogin yes

We don't want to listen from insecure networks, neither root needs access directly by ssh, and our ssh port only is known by its current users, "no guests needed". So:

ocm@achtung:/etc/ssh$ sudo netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program 
tcp        0      0 192.168.56.101:9922     0.0.0.0:*               LISTEN      7210/sshd