How to Harden SSH on a Linux Server
A default SSH configuration is a common attack target. These steps reduce your attack surface significantly by changing defaults and restricting access.
Change the Default Port
Edit /etc/ssh/sshd_config and change:
Port 2222
Disable Root Login
PermitRootLogin no
Limit Login Attempts
MaxAuthTries 3
Restrict to Specific Users
AllowUsers alice bob
Use Fail2Ban to Block Brute Force
sudo apt install fail2ban sudo systemctl enable fail2ban
Restart SSH after changes: sudo systemctl restart sshd