sudo nano /etc/ssh/sshd_config
Port XX #any different to 22, IMPORTANT open port before!
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
LoginGraceTime 30

#Refrescar 
systemctl daemon-reload
systemctl restart ssh.socket

echo "net.ipv4.conf.default.accept_source_route = 0" | sudo tee -a /etc/sysctl.d/99-hardening.conf
echo "net.ipv4.conf.all.rp_filter = 1" | sudo tee -a /etc/sysctl.d/99-hardening.conf
sudo sysctl --system