I bought a static ip from the provider and decided to allow access to ssh from this ip only. The advantages are obvious: no one except me can connect to your server via ssh. No one can pick passwords. And fail2ban becomes unnecessary. :) In short, from static ip some solid pluses.
Method one. Specifying the allowed ip in the /etc/hosts.allow file. Write the following line in it:
127.0.0.1 replace with your ip address.
Open the following file - /etc/hosts.deny and put it there:
Now restart ssh with the service ssh restart command.
The second way. Restricting access by ip using iptables.
If you have an open firewall, then you need to allow access only from your ip and close for the rest. 127.0.0.1 replace with your ip.
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 22 -j accept iptables -A INPUT -p tcp --dport 22 -j DROP
If the firewall is closed, you only need to allow access to yourself.
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 22 -j accept
In both cases, 127.0.0.1 needs to be replaced with your ip.