As an additional way to protect SSH servers from potential attackers, I started to implement TOTP-based 2FA logins in the past. See this post about how I achieved this.
I also use Bitwarden to store all my credentials and also TOTP tokens and since I was tired of always manually