Hardening SSH security on a Debian 9 server
There are a number of things you can do:
- Set up a private key that uses a key-stretching algorithm to protect against brute-forcing of the passphrase.
- Configure AllowUsers in sshd so only named accounts can gain access
- Use fail2ban or fwknop to further prevent outside attacks (remember that CVE-2008-0166 caused Debian users to generate only one of 32,767 possible keys)
- Actively monitor your machine for attacks
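
A way to check the first two items on a host you administer, as an added example that is not part of the original answer: the script name `audit.sh` and the function names `allowed_users` and `key_protection` are hypothetical, and the key check relies on the header lines and layout of OpenSSH and PEM private key files.

```shell
#!/bin/sh
# Added example: audits the AllowUsers and key-stretching items from the list.

# Print account names from global AllowUsers lines (those before any Match
# block, which only applies to matching connections). Keywords are
# case-insensitive. Prints nothing when AllowUsers is not set globally.
allowed_users() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# Classify how a private key file protects its passphrase:
#   bcrypt       new OpenSSH format, passphrase stretched with the bcrypt KDF
#   legacy-pem   old PEM encryption, one MD5 pass, cheap to brute-force
#   unencrypted  no passphrase
#   unknown      some other format
key_protection() {
    case $(head -n 1 "$1") in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # The KDF name ("bcrypt" or "none") is within the first 64 bytes.
        if sed '/^-----/d' "$1" | tr -d '\n' | base64 -d 2>/dev/null |
            head -c 64 | tr -c '[:alnum:]' ' ' | grep -q bcrypt; then
            echo bcrypt
        else
            echo unencrypted
        fi ;;
    "-----BEGIN RSA PRIVATE KEY-----" | "-----BEGIN DSA PRIVATE KEY-----" | \
    "-----BEGIN EC PRIVATE KEY-----")
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo legacy-pem
        else
            echo unencrypted
        fi ;;
    *) echo unknown ;;
    esac
}

# Usage: sh audit.sh /etc/ssh/sshd_config ~/.ssh/id_rsa
if [ $# -eq 2 ]; then
    echo "AllowUsers: $(allowed_users "$1" | tr '\n' ' ')"
    echo "Key protection: $(key_protection "$2")"
fi
```

On a live server, `sshd -T` prints the effective configuration, including Match handling that this file-level check skips. A key reported as `legacy-pem` can be rewritten in the new format with `ssh-keygen -p -o -a 100 -f KEYFILE`, where `-a` sets the number of KDF rounds.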