With extremely rare exceptions (the NSA might), attackers don't have some magic sauce that breaks SSH. Even the recent SSH vulnerability was very hard to actually exploit (but you should have updated ASAP anyway). Their strength is that they just guess passwords all day long on the whole internet. If one server has "admin", or "root", or "1234", they'll get in instantly. If one server has "alcatrazquinine" they'll get in less instantly. If one server has "XgMTaJR35a7gSpXTD2T", they won't ever get in. This is secure from all the people scanning ssh keys. Well, don't use that exact password I just published.
Key authentication is preferred for two reasons. One is that if you accidentally connect to the wrong server you won't transmit your password to that server. The other is that you can store your key in a file and use it automatically so that just typing "ssh myserver" gets you all the way to a shell prompt. That's very convenient.
Not allowing root logins can make sense for auditing reasons (so you can see which user logged in and then used sudo), but if this is just your private server, there isn't really much reason to avoid it. If it makes you feel better, just pretend your name is "root". It also makes sense if you subscribe to the philosophy of "typing sudo in front of every command helps prevent mistakes," which I don't.
Using a port other than 22 can remove provide a very slight decrease in bandwidth and CPU load, and a bigger decrease in log file output, from processing failed logins by scanners. If these things actually matter to you, go ahead. I promise they don't. Doing it for security is either paranoia or security theater, depending on whether your password is "XgMTaJR35a7gSpXTD2T" or "1234".
Under what condition, the root pw being "admin"?