The most significant change you can make to your ssh authentication is using Key-Based Authentication Instead of passwords, this makes it immune to brute force and dictionary attacks and more.

1. add our public key to the server as force public key authentication

We assume you already have a key pair. If not, Generating a new SSH key and adding it to the ssh-agent.

First we will copy the Public key to the server using ssh-copy-id:

ssh-copy-id user@server_address

import from Github

if you have your public key in GitHub you can import it using ssh-import-id utility:

ssh-import-id-gh <username>

2. Enforce Key-Based Authentication

After adding our public key we will force public key authentication by creating /etc/ssh/sshd_config.d/20-force_publickey_auth.conf (depending on your configuration we will add this in ssd_config.d folder):

PasswordAuthentication no 
AuthenticationMethods publickey

Warning: Before restarting, ensure you have an active session open. If your config is wrong, you may be locked out.

After forcing public key authentication we will restart the SSH service:

sudo systemctl restart sshd

if you use ssh daemon instead of sshd restart ssh.

Bonus. SSH hardening guide

“Allowing remote log-on through SSH is good for administrative purposes, but can pose a threat to your server’s security. Often the target of brute force attacks, SSH access needs to be limited properly to prevent third parties gaining access to your server.” - OpenSSH Arch Wiki To do this we can follow the SSH hardening guides.

To check if you have configured it correctly you can use the ssh-audit utility against your server.

ssh-audit <server IP>

sources:

OpenSSH - ArchWiki

ssh-import-id - Ubuntu Manpages