Security
If you haven't used SSH keys to login to your node yet, its strongly recommended to add this to your (existing) node. Here you can find a tutorial how to do so.
To lower the risk of unauthorized logins to your node you can protect yourself by disabling root password logon. Prerequisite is that you have enabled SSH keys (see above).
More information on how to disable root logon here. Beware that if you have firewall rules enabled you must also enable the new port prior to changing to the new port on the VPS (Hetzner) or on the cloud control panel (DigitalOcean/Vultr).
Example for Hetzner, replace 77 with your new ssh port.
sudo ufw allow 77/tcp
To mitigate the risk of your node being breached by automated bots it's recommended to install fail2ban. Fail2ban ensures that after 'x' amount of failed login attempts that IP address becomes blocked. To install fail2ban, run:
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install -y fail2ban
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
sudo nano /etc/fail2ban/jail.local
In this file paste the following (you can edit 'maxretry' to decrease or increase the maximum failed login attempts):
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
Save with CTRL + O and Enter and exit with Ctrl + X.
Restart fail2ban with:
sudo systemctl restart fail2ban
Install 2FA for your node to access SSH more securely.