Once you have a successful connection to your remote instance with SSH keys, it is better practice to disable SSH Password Authentication to mitigate further bruteforce password attempts, this coupled with a service like Fail2ban will further strengthen your Virtual instance.
Remote into your VPS via SSH and open the SSH config file:
nano /etc/ssh/sshd_config
Find and set Password Authentication to no:
PasswordAuthentication no
Find and uncomment and set PubkeyAuthentication to yes:
PubkeyAuthentication yes
Restart the SSH service:
systemctl restart sshd.service
That’s it, now all password attempts for SSH will be blocked immediately.
Changing SSH Port
You can also change the Port number for SSH to further restrict bruteforce attempts.
Add a new Port number to your firewall, say 2000 to allow incoming connections on that number, then edit the SSH config file again:
nano /etc/ssh/sshd_config
Look for Port 22 and change to what you want, say 2000, then save and restart.
systemctl restart sshd.service
See what ports are open:
ufw status
Check you can SSH in on the new port, then remove the firewall rule for Port 22, that’s it now you have security through obscurity.
