...
If your system is available through ssh on the Internet key based authentication should be used.
Even with fail2ban it does not take long for an attacker to compromise an accountwe have observed honeypot system being compromised within 3 days of being set up.
For the choice of keys to use, RSA is often selected over DSA because it has a the stronger key length of 2048 and 4096. DSA can only be 1024.
...