Yeah, on my SSH server, I have that pretty darn secure. I use the iptables stateless packet filtering firewall and have some of the rules and tables set up to only accept so many packets a second, which helps to defeat some forms of DoS attack. I have had hackers from all over the world trying to crack into it to no avail. Some of them were just script kiddie attacks while others looked like really human hackers trying to find ways to crack in but were not able to.
Plus, I use public key authentication with a challenge passphrase on each of the corresponding private keys for each of the users of my server, which defeats password cracking software. In addition, I don't allow root logins and I set root to expire so that attackers can't even attempt to use DoS attacks by attempting to keep a bunch of connections open on attempted root logins. See, it's one thing to disallow root logins, another to expire the account.
You want to do both. If you just disallow root logins, an attacker could probably still attempt to authenticate but not completely follow through with it, thus keeping the connection open. He could do this from a bunch of spoofed IP addresses to overwhelm your server and crash it. But if you expire the root account, your server won't even allow an authentication attempt connection even though it has already been disallowed. Thus they wouldn't be able to open a bunch of connections attempting to log in as root and crash your server by overwhelming it with too many connections from various spoofed IP addresses. So, I got this one joker who has for many months been running a DoS attack by trying to log in as root to my SSH server, but I have both disallowed root logins and expired the root account, so such attacks do no good and fail at crashing my server. But his attack has still been running automatically for several months to no avail regardless. You can see that in your log files.
I also use a Linux program called Lynis which I use to audit my server and ensure it is hardened as much as possible. Lynis was something I learned to use in one of my cyber-security classes and it works wonders. That and following the guidelines from the Center of Internet Security: https://www.cisecurity.org/
You can use a free, open source Linux Security Incident Event Management System called Linux Security Onion to generate alerts from your log files in the event of a compromise so that you can quickly respond to the incident and contain and eradicate it as well as recover your system.
Authorized users who log in to my SSH server or SFTP into it have encrypted connections, plus they have to use public/private key authentication with a challenge passphrase. So, their accounts and communications are VERY secure given the authentication methods and the fact I use military grade open source encryption to encrypt their SSH and SFTP connections.
"Just do one thing or the other, don’t try to be two people at once." -Arthur from Red Dead Redemption 2
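
Added example, not part of the original post: one way to see repeated root login attempts in sshd log files is to tally them per source address. The sample lines are constructed, modeled on common OpenSSH syslog messages, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modeled on common OpenSSH sshd syslog messages.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:11:07 host sshd[4121]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar  3 02:11:09 host sshd[4121]: Disconnected from authenticating user root 203.0.113.7 port 50112 [preauth]
Mar  3 02:11:15 host sshd[4130]: Failed password for root from 203.0.113.7 port 50120 ssh2
Mar  3 02:12:40 host sshd[4142]: Connection closed by authenticating user root 198.51.100.23 port 41022 [preauth]
Mar  3 02:13:01 host sshd[4150]: Failed password for invalid user admin from 198.51.100.23 port 41030 ssh2
Mar  3 02:14:55 host sshd[4161]: Accepted publickey for alice from 192.0.2.10 port 60222 ssh2: ED25519 SHA256:CONSTRUCTED
"""

# Matches sshd events that name root as the target account:
# a failed authentication, or a pre-auth disconnect/close.
ROOT_ATTEMPT = re.compile(
    r"sshd\[\d+\]: (?:Failed \S+ for root from "
    r"|(?:Disconnected from|Connection closed by) authenticating user root )"
    r"(?P<ip>[0-9a-fA-F:.]+) port \d+"
)


def root_attempts_by_source(log_text):
    """Count root-targeted sshd log events per source address.

    Counts log events, not distinct connections: one connection can
    produce both a failure line and a disconnect line.
    """
    counts = Counter()
    for line in log_text.splitlines():
        match = ROOT_ATTEMPT.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def noisy_sources(counts, threshold):
    """Return sources with at least `threshold` root-targeted events."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    tally = root_attempts_by_source(SAMPLE_LOG)
    for ip, n in tally.most_common():
        print(f"{ip}\t{n}")
    print("over threshold:", noisy_sources(tally, 3))
```

The exact message wording varies between OpenSSH versions and distributions, so adjust the pattern to the lines your own sshd writes.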