- If a user has to access multiple resources, use a remote access VPN
If you must use SSH externally:
- Use a non-default TCP port (not port 22)
- Change SSH Configurations
“sudo nano /etc/ssh/sshd_config”
Change the SSH port number to 6111:
- Use a single source address
- If that is not possible, restrict access to a single ISP
Block using UFW:
Create a Unix-formatted list of IPs
Upload the file using FileZilla
Run “while read -r line; do sudo ufw allow from "$line" to any port 6111 proto tcp; done < ISP_LMT_Tele2_List.txt”
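To delete the old SSH rule in UFW, run “sudo ufw status numbered” and then “sudo ufw delete 292”
To delete rules from 100 to 200, run “for i in {200..100}; do yes | sudo ufw delete "$i"; done” (highest number first, because UFW renumbers the remaining rules after each deletion)
- If that’s not viable, geo-block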
- To protect SSH, use Fail2Ban
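
The UFW loop above passes every line of the list straight to ufw, so a Windows line ending, a typo or an over-broad block ends up in a firewall command. An added example (not part of the original notes) that validates the list first and only prints the commands; the function names and the MIN_PREFIX limit are assumptions, the port and rule syntax are the page's:

```shell
#!/bin/sh
# Added example: check an allow-list before turning it into ufw rules.
# Port 6111 is the page's value; function names and MIN_PREFIX are assumptions.
PORT=6111
MIN_PREFIX=8   # assumed policy: refuse blocks wider than /8 (e.g. a stray /0)

# Print the ufw command for one IPv4 address or CIDR block; return 1 otherwise.
rule_for() {
  entry=$1
  case $entry in
    */*) addr=${entry%/*}; prefix=${entry#*/} ;;
    *)   addr=$entry; prefix=32 ;;
  esac
  # Prefix must be one or two digits within MIN_PREFIX..32.
  case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
  # Address must be digits and dots only, so nothing else can reach the shell.
  case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  printf 'ufw allow from %s to any port %s proto tcp\n' "$entry" "$PORT"
}

# Read a list on stdin; tolerate CRLF endings, blank lines and # comments.
# Prints one command per valid entry, reports rejects on stderr, and
# returns non-zero if anything was rejected.
build_rules() {
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
    [ -n "$line" ] || continue
    rule_for "$line" || { echo "rejected: $line" >&2; bad=1; }
  done
  return "$bad"
}

# Dry run: print the commands for a list file given as the first argument.
if [ -f "${1:-}" ]; then build_rules < "$1"; fi
```

Review the printed commands, then run them as root, for example by piping the output to `sudo sh`.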