After initial login always make another account thats not root Remove the ability to ssh into your server. Make it rsa key login only. Non-technical description: don’t let people use username and password for ssh If using aws make a new .perm per instance group. Por ejemplo you manage