Securing SSH

[Roland Venter]

I need to manage several servers remotely via SSH, I'm interested in ways to
secure the connection and prevent unauthorised access.

My thoughts:
Limit access to only allow remote connections from our management network
via iptables rules. Works but what if our ISP changes our fixed IP, which
means we are effectively locked out from all the servers and requires a site
visit to update the rules.

We also need to provide access to engineers working from home using dialup,
etc

Some sort of client certificates to supplement username and password,

Recommendations on securing the SSH daemon etc

Any ideas and tips appreciated

Cheers,
Roland