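# On the server: bring installed packages up to date before changing anything else.
sudo apt update && sudo apt upgrade
# Create the admin account with a home directory and bash as its login shell.
# useradd, passwd and usermod need root, so they get sudo like the other commands.
sudo useradd -m -s /bin/bash foo
# Set the password of the account that was just created. sudo asks for it,
# and it stays in use locally after SSH password login is switched off.
sudo passwd foo
# -aG appends the sudo group and keeps the account's existing groups.
sudo usermod -aG sudo foo
# On the client: generate a key pair. Set a passphrase when prompted so that a
# copied private key file is not enough on its own to log in.
ssh-keygen -t rsa
# Install the public half in foo's authorized_keys on the server.
ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" foo@10.64.0.1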
Test that key-based login works
# Log in with the new key. Keep this session open while sshd_config is edited,
# so a mistake in the file cannot lock you out of the server.
ssh foo@10.64.0.1
Disable password login
# Edit the sshd server configuration.
# NOTE(review): if this file has an "Include /etc/ssh/sshd_config.d/*.conf" line
# near the top, settings in those files are read first and take precedence;
# check them for a conflicting PasswordAuthentication value.
sudo nano /etc/ssh/sshd_config
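# LoginGraceTime 0 removes the login timeout: unauthenticated connections stay
# open until the client closes them and keep occupying MaxStartups slots.
# NOTE(review): confirm this is intended; sshd's default is 120 seconds.
LoginGraceTime 0
# Deprecated alias of KbdInteractiveAuthentication in newer OpenSSH releases.
ChallengeResponseAuthentication no
PasswordAuthentication no
# With UsePAM no, sshd also skips PAM account and session handling.
# NOTE(review): confirm nothing on this host depends on PAM session modules.
UsePAM no
# sshd uses the first value it reads for each keyword, so only one
# PermitRootLogin line can take effect. "no" blocks root over SSH entirely.
PermitRootLogin no
# Alternative (use instead of the line above): root may log in with a key only.
#PermitRootLogin prohibit-password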
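# Check the edited file before reloading: sshd -t exits non-zero on a syntax
# error, and the reload is skipped so the running daemon keeps its old config.
sudo sshd -t && sudo systemctl reload ssh
# Print the values sshd actually resolves, including any Include'd files.
sudo sshd -T | grep -Ei '^(passwordauthentication|permitrootlogin|usepam|logingracetime) '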
Test that password login is now refused
# Run from a second terminal with public-key authentication turned off on the
# client. Expected result: "Permission denied (publickey)" with no password
# prompt. A password prompt means password login is still enabled somewhere.
ssh foo@10.64.0.1 -o PubkeyAuthentication=no
# Install the ufw firewall front end.
sudo apt install ufw
# The SSH rule is added before the firewall is enabled so the current session
# is not cut off. "limit" allows the port but denies an address that has opened
# 6 or more connections within 30 seconds.
sudo ufw limit 22/tcp
# Allow inbound HTTP and HTTPS.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Default policy: drop inbound traffic not matched above, permit all outbound.
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Activates the rules now and at boot; ufw asks for confirmation because
# enabling it can disrupt existing SSH connections.
sudo ufw enable
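sudo apt install fail2ban
# jail.conf belongs to the package and can be replaced on upgrade. fail2ban
# reads jail.local after it, so local settings go there and survive updates.
sudo nano /etc/fail2ban/jail.local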
[DEFAULT]
# Addresses that are never banned: IPv4 and IPv6 loopback only.
ignoreip = 127.0.0.1/8 ::1
# Length of a ban in seconds (one hour).
bantime = 3600
# Window in seconds (ten minutes) over which failures are counted.
findtime = 600
# Number of failures inside findtime that triggers a ban.
maxretry = 5
[sshd]
# NOTE(review): if sshd on this host logs only to the systemd journal and not
# to a file under /var/log, this jail may also need "backend = systemd"; confirm.
enabled = true
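# Start fail2ban at boot.
sudo systemctl enable fail2ban
# restart rather than start: if the package already started the service at
# install time, "start" does nothing and the edited jail settings are not loaded.
sudo systemctl restart fail2ban
# Confirm the sshd jail is loaded and show its current failure and ban counts.
sudo fail2ban-client status sshd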