
Security

Vincel edited this page Aug 1, 2020 · 14 revisions

SSH keys (strongly recommended)

If you haven't used SSH keys to log in to your node yet, it's strongly recommended to add them to your (existing) node. Here you can find a tutorial on how to do so.

Disable root logon and change default ports (strongly recommended)

To lower the risk of unauthorized logins to your node, disable root password logon. The prerequisite is that you have enabled SSH keys (see above).

More information on how to disable root logon here. Beware that if you have firewall rules enabled, you must allow the new SSH port through the firewall before switching sshd to it, either on the VPS itself (Hetzner) or in the cloud control panel (DigitalOcean/Vultr); otherwise you lock yourself out.

Example for Hetzner (replace 77 with your new SSH port):

sudo ufw allow 77/tcp

Fail2ban - Block IP addresses after failed login attempts (recommended)

To mitigate the risk of your node being breached by automated bots, it's recommended to install fail2ban. Fail2ban blocks an IP address after a configurable number of failed login attempts from it. To install fail2ban, run:

sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install -y fail2ban
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
sudo nano /etc/fail2ban/jail.local

In this file paste the following (you can edit 'maxretry' to decrease or increase the maximum number of failed login attempts; if you changed the SSH port in the section above, set 'port' to that new port, otherwise fail2ban bans the wrong port):

[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

Save with Ctrl + O and Enter, and exit with Ctrl + X.

Restart fail2ban with:

sudo systemctl restart fail2ban
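As an added check (not part of the original wiki), the following Python script reads an sshd_config and a fail2ban jail.local and reports where the two contradict each other or the steps above: root password login still allowed, password authentication still on, the jail disabled, or the jail banning a different port than sshd actually listens on after the port change. The sample inputs are constructed, not taken from a real node.

```python
import re
from configparser import ConfigParser

# Constructed sample inputs (not from a real node): SSH moved to port 77 as in the
# ufw example above, but the jail still points at 22 and root login is still on.
SSHD_CONFIG_SAMPLE = "Port 77\nPermitRootLogin yes\nPasswordAuthentication yes\n"
JAIL_LOCAL_SAMPLE = (
    "[sshd]\nenabled = true\nport = 22\nfilter = sshd\n"
    "logpath = /var/log/auth.log\nmaxretry = 3\n"
)

def parse_sshd_config(text):
    """sshd_config keywords, case-insensitive; first value wins (sshd semantics)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # sshd only treats whole-line comments
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def parse_jail_sshd(text):
    """The [sshd] section of jail.local (INI syntax) as a dict."""
    cp = ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp["sshd"]) if cp.has_section("sshd") else {}

def check_hardening(sshd_config_text, jail_local_text):
    """Findings list; empty means both files match this page's recommendations."""
    sshd = parse_sshd_config(sshd_config_text)
    jail = parse_jail_sshd(jail_local_text)
    findings = []
    ssh_port = sshd.get("port", "22")  # sshd defaults when a keyword is absent
    if sshd.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: root password login is still allowed")
    if sshd.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no': key-only login not enforced")
    if jail.get("enabled", "false").lower() != "true":
        findings.append("fail2ban [sshd] jail is not enabled")
    # fail2ban bans the jail's port; 'ssh' resolves to 22 via /etc/services.
    jail_port = jail.get("port", "ssh")
    jail_port = "22" if jail_port == "ssh" else jail_port
    if jail_port != ssh_port:
        findings.append(f"fail2ban bans port {jail_port} but sshd listens on {ssh_port}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_hardening(SSHD_CONFIG_SAMPLE, JAIL_LOCAL_SAMPLE)) or "OK")
```

Run it against /etc/ssh/sshd_config and /etc/fail2ban/jail.local after finishing the steps above; an empty result means the port change, root-login change and jail agree.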

Strengthen node security with 2FA (optional)

Install 2FA for your node to access SSH more securely.