The best practice of the "best practices" 😅 is to change default SSH port. As the Internet full of automated scanners and bots — most vulnerable are widely used default applications and ports.
Edit /etc/ssh/sshd_config
file, — find and update value of the line staring with Port
as a new value for port pick a number between 1024
and 65535
:
# nano /etc/ssh/sshd_config
# Find line starting with "Port":
Port 64537 # CHANGE TO PORT OF YOUR CHOICE 1024-65535
# Save file with: "ctrl + o" combination
# Close file with: "ctrl + x" combination
Restart SSH service:
service sshd restart
To connect again via SSH explicitly set port via -p
flag:
ssh -p 64537 username@host