Limiting SSH to specific IPs or netblocks, and/or specifically excluding those you're likely to never use, would also help cut down on the attack surface. Not that hosts within your perimiter don't get compromised, but there are far fewer of them.
2FA including keyfobs is yet another option.
Limiting SSH to specific IPs or netblocks, and/or specifically excluding those you're likely to never use, would also help cut down on the attack surface. Not that hosts within your perimiter don't get compromised, but there are far fewer of them.
2FA including keyfobs is yet another option.