Hardening SSH (Secure Shell) on your Debian / Ubuntu server is something that should be done as soon as the machine is reachable from the internet. It takes only a few minutes and removes most of the automated brute force traffic a fresh host starts receiving within hours.
Change the Default SSH Port
Changing the default SSH port is one of the easiest changes you can make to your server's security. It will not stop a determined attacker, who will find the new port with a port scan, but it does filter out the bulk of the bots that only probe port 22 and immediately start guessing passwords. That keeps your auth logs readable and your login rate limits from filling up with noise.
Open the SSH daemon config file. On current Debian and Ubuntu releases the file begins with an Include of /etc/ssh/sshd_config.d/*.conf; because sshd uses the first value it reads for each keyword, a drop-in file in that directory overrides anything you set further down, so check that directory too.
vi /etc/ssh/sshd_config
Find this line towards the top.
# What ports, IPs and protocols we listen for
Port 22
Now change the port number to something else. The exact number does not matter much as long as it is not already in use on the server and falls within the valid range (1 to 65535). Check /etc/services and the IANA port assignments if you are not sure what a port is normally used for. Note that ports 1024 and above can be bound by any local user, so if sshd ever fails to start another process could take its port; on a single-admin server this is rarely a concern. For this example we are going to use port 31122.
# What ports, IPs and protocols we listen for
#Port 22
Port 31122
Do Not Allow Root Logins
Allowing the root user to log in directly over SSH is a security risk and should also be changed: root is the one username every brute force bot tries, and a single guessed password hands over the whole machine. If you have not already done so, create a new user account for yourself and confirm you can log in with it before continuing.
vi /etc/ssh/sshd_config
Locate the section below in the sshd_config file.
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
Change the PermitRootLogin option to no.
# Authentication:
LoginGraceTime 120
#PermitRootLogin yes
PermitRootLogin no
StrictModes yes
Note: Before restarting, open the new TCP port you assigned in sshd_config in your firewall. Keep your current session open while you test, close port 22 only after a fresh login on the new port has succeeded, and you will not lock yourself out if something is wrong.
Now restart the SSH daemon.
service ssh restart
The next time you try to connect as root on port 22, the connection will be refused because nothing is listening there any more, and a root login on the new port will be rejected by sshd. Point your SSH client at the new port and log in as your non-root user first. You can then switch to root with the command below followed by the root password.
su root
Make sure to update any configuration file(s) or filters that assume SSH is on port 22, such as the fail2ban sshd jail, monitoring checks, and any scripts or ~/.ssh/config entries that connect to this server.
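The whole procedure above, scripted as an added example (this is not code from the original article): a function that rewrites sshd_config the way the manual edits do, a check that the result really listens on exactly one port and denies root, and an apply step that backs up the file, has sshd validate it, opens the firewall and restarts. The port 31122, the use of ufw as the firewall front end, the backup file naming and the script name harden-sshd.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): apply the two sshd_config
# changes described above in one scripted, checkable pass. Assumes Debian/Ubuntu
# paths (/etc/ssh/sshd_config, service name "ssh") and the example port 31122.
set -eu

NEW_PORT="${NEW_PORT:-31122}"

# Rewrite an sshd_config read from stdin: comment out every active "Port" and
# "PermitRootLogin" line and append our values. Commenting rather than deleting
# keeps the old lines visible, mirroring the "#Port 22 / Port 31122" layout above.
# Stray active lines matter: sshd listens on EVERY Port it is given, so leaving
# "Port 22" in place keeps 22 open; for PermitRootLogin the FIRST value wins.
harden_sshd_config() {
    port="$1"
    sed -E 's/^[[:space:]]*(Port|PermitRootLogin)[[:space:]]+/#&/'
    printf '\n# Hardening applied by harden-sshd.sh\nPort %s\nPermitRootLogin no\n' "$port"
}

# Print the value of every active (uncommented) occurrence of a keyword, one per
# line, from the config on stdin. sshd keywords are case-insensitive.
active_values() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2 }'
}

# Succeeds only if the file listens on exactly the given port and denies root.
check_hardened() {
    ports="$(active_values Port < "$1" | tr '\n' ' ' | sed 's/ $//')"
    root="$(active_values PermitRootLogin < "$1" | head -n 1)"
    [ "$ports" = "$2" ] && [ "$root" = "no" ]
}

apply_hardening() {
    cfg=/etc/ssh/sshd_config
    backup="$cfg.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$cfg" "$backup"
    harden_sshd_config "$NEW_PORT" < "$backup" > "$cfg"
    check_hardened "$cfg" "$NEW_PORT"
    # Let sshd parse the result before restarting: a typo here would otherwise
    # leave you with no sshd and no way back in.
    /usr/sbin/sshd -t
    # Open the new port first; ufw is the default firewall front end on Ubuntu.
    if command -v ufw >/dev/null 2>&1; then ufw allow "$NEW_PORT/tcp"; fi
    service ssh restart
    echo "sshd now listens on $NEW_PORT. Keep this session open, test a fresh login"
    echo "on the new port, and only then close 22 (e.g. ufw delete allow 22/tcp)."
}

# Only touch the live system when explicitly asked: sh harden-sshd.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_hardening
fi
```

Run it as root with `sh harden-sshd.sh --apply`, then from another terminal test `ssh -p 31122 yourname@server` before closing port 22. Two things the script cannot see for you: a drop-in under /etc/ssh/sshd_config.d/ that sets Port or PermitRootLogin is read before the main file and wins, so check that directory; and Ubuntu releases from 22.10 onward start sshd through systemd socket activation (ssh.socket), so if `systemctl status ssh.socket` shows it active, make sure the socket is also listening on the new port.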