How to set up SSH access correctly?
I am learning how to properly configure secure access to the server via SSH. I made the following settings file:
Port 61231
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
UseDNS yes
MaxAuthTries 3
LoginGraceTime 30
ClientAliveInterval 200
ClientAliveCountMax 3
TCPKeepAlive no
AddressFamily inet
IgnoreRhosts yes
HostbasedAuthentication no
LogLevel INFO
StrictModes yes
There are the following questions:
1. I save these settings in the myssh.conf file, which I throw at: /etc/ssh/sshd_config.d/. As a result, I don't touch the default sshd_config file and it's easier to change my settings. How welcome is this practice or is it better to change the default file?
2. It's embarrassing that the default file has the following line at the beginning: Include /etc/ssh/sshd_config.d/*.conf. In theory, my settings file is first included, and then the default one goes, overwriting all my settings, although everything seems to work correctly. Is there any subtlety in this moment?
3. I want to allow access via SSH only to the user alexey, with the following setting in the file: AllowUsers alexey. This user has been created on the server, he has a home directory, but when this line is enabled, I cannot get access to the server. In the terminal I see insufficient rights: permission denied (as it is written like that). What is the problem here?
4. Why is it necessary to restart the ssh service with the command sudo systemctl restart ssh and not sudo systemctl restart sshd? Indeed, in the first case, I overload the client, which, in theory, I don't need on the server at all, and in the second case, I just overload the server itself, i.e. the daemon. What do I not understand?
5. Are there any other nuances or safety tips?
3. I want to allow access via SSH only to the user alexey
How welcome is this practice or is it better to change the default file?
In theory, my settings file is turned on first, and then the default one goes
4. Why is it necessary to restart the ssh service with the command sudo systemctl restart ssh and not sudo systemctl restart sshd?
systemctl status ssh
systemctl status sshd
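On the Include ordering raised in question 2, the following is an added example, not part of the original question or answer. It models OpenSSH's documented rule that the first value obtained for each keyword is used; the file contents are constructed samples and `effective` and `include_last` are hypothetical helper names.

```python
import fnmatch

# Constructed sample files (not from the page's server): a stock-style main
# file whose first line is the Include, plus the drop-in from the question.
FILES = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "#Port 22\n"
        "PermitRootLogin yes\n"
        "PasswordAuthentication yes\n"
        "X11Forwarding yes\n"
    ),
    "/etc/ssh/sshd_config.d/myssh.conf": (
        "Port 61231\n"
        "PermitRootLogin no\n"
        "PasswordAuthentication no\n"
    ),
}


def effective(path, files, seen=None):
    """Return {keyword: (value, source file)}; the first value obtained wins.
    Simplified model: ignores Match blocks and keywords that may repeat
    (for example ListenAddress)."""
    seen = {} if seen is None else seen
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = line.split(None, 1)
        if keyword.lower() == "include":
            # Glob matches are read in lexical order, at the Include's position.
            for name in sorted(fnmatch.filter(files, value)):
                effective(name, files, seen)
        else:
            # setdefault keeps the earlier value and drops later duplicates.
            seen.setdefault(keyword.lower(), (value, path))
    return seen


def include_last(files, main="/etc/ssh/sshd_config"):
    """Same files, but with the Include line moved to the end of the main file."""
    first, rest = files[main].split("\n", 1)
    return {**files, main: rest + first + "\n"}


if __name__ == "__main__":
    for key, (value, src) in sorted(effective("/etc/ssh/sshd_config", FILES).items()):
        print(f"{key:24} {value:8} <- {src}")
```

On a real server, `sudo sshd -T` prints the configuration the daemon actually resolves, which is the authoritative check after editing a drop-in.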