if you don’t want to mess about with keys there are three things you can easily do to secure SSH.
firstly, always, disallow root logins. in /etc/ssh/sshd_config you should have something like this
secondly install fail2ban. out of the box it’ll have a decent configuration that’ll ban an IP after a certain amount of failed attempts. you can check the logs at /var/log/fail2ban
thirdly, and i think most importantly, let’s change the port that SSH listens on. again, in /etc/ssh/sshd_config, look for the line # What ports, IPs and protocols we listen for and change the port to something more obscure (go for a high port that isn’t used for anything else like port 2984) and restart SSH. make sure your firewall rules are updated to reflect this change too. you will have to log in specifying this new port like ssh firstname.lastname@example.org -p 2984
also if you’re changing the port number that some firewalls will block port 2984 outgoing so you won’t be able to connect. this is the case at my place of work for example. i had to use a VPN tunnel via another server to connect to SSH when it was listening on port 2984