One simple way to keep your server public but almost impossible to hack via SSH is to disable password authentication over SSH. This means the only way in is via your own private key that only you should have.
Edit your /etc/ssh/sshd.conf file
Set this option
Restart your SSH server.
service sshd restart
Now your server will be much more secure, even if someone has the password they cannot login remotely no matter what (so long as no one has stolen your private key). This makes bruteforcing absolutely impossible, so long as they don't enter another way, get root access and enable password login again.