
Improving SSH Security on Linux Debian

Date of publication: 22.03.2024

We recommend taking a number of steps that will significantly increase the security of the SSH service.

1. Configure the SSH service in its configuration file

nano /etc/ssh/sshd_config

1.1 Changing the default port

The SSH service uses port 22 by default, and that port is accessed often. Change it, for example, to 2203:

Port 2203

1.2 Deny login as the root user

First create a regular user:

useradd user1
passwd user1

Then check the SSH configuration and make sure the line looks like this:

PermitRootLogin no

1.3 Authentication as root only with 2FA

A password can be intercepted, among other risks. It is best to require two-factor authentication in order to authenticate as the root user, as we described in a separate article: Setting up two-factor authentication in ssh for root on Debian 12

After all the steps, do not forget to apply the settings by restarting the service:

service ssh restart
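A check of the settings from sections 1.1 and 1.2 that can be run before the restart (an added example, not part of the original article). The function name audit_sshd_config and the sample file are assumptions made for illustration. The function reads one file with whitespace-separated keyword/value lines and does not follow Include directives.

```sh
#!/bin/sh
# Added example: audit one sshd_config-style file for sections 1.1 and 1.2.
# audit_sshd_config is a hypothetical helper name, not part of OpenSSH.
# Prints one finding per line; returns 0 when both checks pass, 1 otherwise.
audit_sshd_config() {
    awk '
        # Skip blank lines and comments (a commented-out setting has no effect).
        /^[ \t]*(#|$)/ { next }
        {
            key = tolower($1); val = tolower($2)   # keywords are case-insensitive
            # Settings inside a Match block are conditional; stop at the first one.
            if (key == "match") exit
            # Port may appear several times; every value is a listening port.
            if (key == "port") ports[++n] = val
            # For PermitRootLogin sshd keeps the first value it reads.
            if (key == "permitrootlogin" && root == "") root = val
        }
        END {
            bad = 0
            if (n == 0) ports[++n] = "22"               # sshd default when absent
            if (root == "") root = "prohibit-password"  # sshd default when absent
            for (i = 1; i <= n; i++)
                if (ports[i] == "22") {
                    print "FAIL: sshd still listens on port 22"; bad = 1
                }
            if (root != "no") {
                print "FAIL: PermitRootLogin is " root ", expected no"; bad = 1
            }
            if (!bad) print "OK: non-default port, root login denied"
            exit bad
        }
    ' "$1"
}

# Constructed sample input so the example runs offline.
sample=$(mktemp)
printf 'Port 2203\nPermitRootLogin no\n' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

On a server, run it as audit_sshd_config /etc/ssh/sshd_config; sshd -t additionally checks the file for syntax errors, which helps avoid locking yourself out with a broken configuration.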

2. Setting up iptables

Restrict access to the SSH port so that it is available only from a specific IP.

iptables -A INPUT -p tcp --dport 2203 ! -s 89.xxx.186.xxx -j DROP

or

iptables -A INPUT -p tcp --dport 2203 -s 89.xxx.186.xxx -j ACCEPT
iptables -A INPUT -p tcp --dport 2203 -j DROP

Make sure the rules are saved across reboots:

apt install iptables-persistent
iptables-save > /etc/iptables/rules.v4

These steps will significantly increase the security of working over the SSH protocol.

We recommend using a VPS server as your static IP address, since its IP will always be the same no matter where you are. This is convenient because when you connect from home, the office, on vacation, or over mobile Internet, you will have a different IP address each time, and in most cases a dynamic one.




