There are guides on the site to cover most of these tips but this is just a quick checklist to help keep ssh / your server secure
Run SSH on port other than 22 (Change in /etc/ssh/sshd_config)
Dis Allow root logon (ensure you can use su or sudo from the terminal first!)
(uncomment out #PermitRootLogin no in /etc/ssh/sshd_config)
Add message banner (Config article here)
It is good prectice to announce that your server is private and that unauthorized access is not permitted)
Only protocol SSH2 (Change in /etc/ssh/sshd_config)
Require public / private keys for access
Remove password authentication / logon (Check your public / private keys allow you access first!)
(Config article here, uncomment out the last three lines on that page from /etc/ssh/sshd_config)
Only permit specific user(s) (add each user with the AllowUsers directive in /etc/ssh/sshd_config)
AllowUsers john
