This is a short list, largely borrowed from digitalocean
Log in with your provided root credentials
Create a user (just hit enter and skip the info if you want)
Enable the user to use sudo
usermod -aG sudo username
Disable root SSH login
Modify the file like below. Pick a high port number between 1024 and 34627. Hit ctrl-x, ‘Y’ and finally hit enter to save.
PermitRootLogin no Port 12345
Finally reboot and log in with the new settings
reboot ssh email@example.com -p 12345
From now on we might need to use ‘sudo’ to run certain commands.
You might want to consider using a ssh key instead. As it is more secure.
[TODO] Insert that info.
If you do not use a external firewall you might want to use a software based one.
Check digital oceans guide for more details.
Here are some example commands
sudo ufw allow 12345 sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw enable sudo ufw status sudo ufw deny sudo ufw status numbered sudo ufw delete 2 sudo ufw delete allow OpenSSH sudo ufw status verbose sudo ufw reset
Lets reboot and check if everything is working with
sudo apt-get update sudo apt-get upgrade sudo apt-get dist-upgrade