I have a server with public facing sshd (stuck on standard port 22). Running this gives a rough idea of what default usernames are to avoid:
lastb -w | awk -F " " '{print $1}' | sort -n | uniq -c | sort -n -r | more
39 admin 29 oracle 21 test 9 user 9 postgres 8 guest 8 git 8 a 7 nagios 4 ubuntu 4 ftpuser 3 redmine 3 office 3 developer 3 b 3 alias 3 ADMIN 2 zhangyan 2 www 2 vyatta 2 ucpss 2 ubnt 2 tomcat 2 teamspeak3 2 teamspeak 2 steam
What else can be done besides passwordless ssh key only encryption for access? Well limiting exposure with fail2ban slows down any possibility of brute forcing and whitelisting by geo-locating IP addresses may help too: http://www.axllent.org/docs/view/ssh-geoip/
And of course only open the ports needed via firewall etc.
