Hardening SSH against password brute-force attacks
If your SSH server is publicly accessible over the internet, it will be subjected to password brute-force attacks. The best way to protect SSH from these attacks is to disable password authentication. It’s also good to rate limit both connection attempts and failed authentication attempts.
Disable password authentication by adding the following line to
Rate limit connection attempts by adding a firewall rule:
$ sudo ufw limit OpenSSH
Rate limit failed authentication attempts using fail2ban.
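To confirm that password logins are really off after the steps above, the following added example (not from the original page) audits the effective configuration printed by sshd -T, including the case where keyboard-interactive authentication through PAM still prompts for a password. The function name audit_sshd_auth is hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: audit the effective sshd configuration for password-based logins.
# Real use (root is needed to read the host keys):  sudo sshd -T | audit_sshd_auth

audit_sshd_auth() {
    # Reads `sshd -T` output (lowercase "keyword value" lines) on stdin.
    # Prints one finding per line; returns 0 only if no password path is left open.
    awk '
        { opt[$1] = $2 }
        END {
            bad = 0
            if (opt["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not \"no\""; bad = 1
            }
            # The option name differs by OpenSSH version; with PAM either one can prompt for a password.
            kbd = "no"
            if (opt["kbdinteractiveauthentication"] == "yes") kbd = "yes"
            if (opt["challengeresponseauthentication"] == "yes") kbd = "yes"
            if (kbd == "yes" && opt["usepam"] == "yes") {
                print "FAIL keyboard-interactive via PAM can still ask for a password"; bad = 1
            }
            if (opt["pubkeyauthentication"] == "no") {
                print "WARN pubkeyauthentication is off: no key login available"
            }
            if (!bad) print "OK no password-based authentication enabled"
            exit bad
        }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_WEAK='passwordauthentication no
kbdinteractiveauthentication yes
usepam yes
pubkeyauthentication yes'
SAMPLE_HARDENED='passwordauthentication no
kbdinteractiveauthentication no
usepam yes
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd_auth || echo "-> weak sample rejected"
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd_auth
```

sshd -T reports the global settings only; settings inside Match blocks are evaluated only when connection parameters are supplied with -C.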