On your local machine, if you don’t have one already

Generate an ssh key

ssh-keygen -b 4096
You can keep hitting enter and use the default location and options, no need for a password
cat ~/.id_rsa.pub
Copy what you see there and put it in a text editor or open a new tab

SSH into the remote machine

ssh [email protected]The idea here is use a user with sudo access rather than root.

Add a new user

You’ll be prompted to create a password
adduser username
adduser username sudo

SSH credentials

mkdir -p /home/username/.ssh;chmod -R 700 /home/username/.ssh/
nano /home/username/.ssh/authorized_keys

Paste the ssh key you generated earlier. Hit control + x then the y key

Set SSH file permissions

chmod 700 -R /home/username/.ssh;chmod 600 /home/username/.ssh/authorized_keys

Edit SSH configuration file

nano /etc/ssh/sshd_config
Change the port number on the top of the file to something other than 22
Press control + w and type PermitRootLogin
change the yes to a no
'PermitRootLogin no'
Hit control + x then the y keyservice ssh restart

Install UFW

apt-get install UFW
ufw default deny incoming
ufw default allow outgoing

Allow the port number you used in /etc/ssh/sshd_config earlier
ufw limit xxxx
ufw enable
exit

Log in with the new user
ssh [email protected]