- Before going any further, update & upgrade apt (advanced package tool) packages
# 👉 remote terminal
apt update && apt upgradeFail2ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Read more
# 👉 remote terminal
apt install fail2ban -y ℹ️ `-y` stands for yes
systemctl enable fail2ban
systemctl start fail2ban
systemctl status fail2ban ℹ️ Verify that fail2ban is active
rebootUFW, or Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall.
# 👉 remote terminal
sudo apt-get install ufw
sudo ufw status
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 80 ℹ️ HTTP
sudo ufw allow 443 ℹ️ HTTPS
sudo ufw enableGo to and edit sshd_config file
# 👉 remote terminal
vim /etc/ssh/sshd_config # 📝 use vim or nanoEdit as showing below
# 👉 remote terminal
- PermitRootLogin Yes
+ PermitRootLogin no
- Port 22
+ Port XXX ℹ️ Set your custom port numberRestart configs
# 👉 remote terminal
systemctl restart sshd- Create a non-root user
# 👉 remote terminal
adduser XXX # ℹ️ Replace XXX with your own user name
password # ⚠️ Do not use your root password
exit # ℹ️ Required for the next step- Verify newly created user
# 👉 remote terminal
ssh XXX@**.***.**.** # ℹ️ You'll be asked for your user's password (not root)