Tips for Server Security

I'd argue that SSH access for root should be off regardless, you aren't going to use it.

Keys over passes in all cases.
There's a bunch of stuff to do around SSL config if you're serving stuff.

Moving SSH has pros and cons, one one hand if you're using keys and something to block brute force then nothing to worry about but on the other hand bots will be trying to login.

Then obviously review the config of all network services to see what can be done to strengthen security.