1. Require sudo to prompt for a password by editing the /etc/sudoers file.
    Look for the following line:

    %sudo ALL=(ALL) NOPASSWD: ALL

    And change it to the following:

    %sudo ALL=(ALL) ALL
2. Add the following line to the /etc/ssh/sshd_config file:
    PermitRootLogin no
3. Install fail2ban using the following command:
    sudo apt-get install fail2ban
4. Create the file /etc/fail2ban/jail.d/jail.ssh with the following contents:
    [ssh]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 6
    bantime = -1
    banaction = iptables-allports
5. Restart the service using the following command:
    sudo systemctl restart fail2ban

See Unbanning an IP
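
To confirm that the edits in steps 1, 2 and 4 actually took effect, the following audit script is an added example, not part of the original procedure; its function names and sample files are constructed for illustration. It covers one case the steps do not mention: sshd uses the first value it reads for a keyword, so a `PermitRootLogin no` appended below an existing `PermitRootLogin yes` has no effect.

```shell
#!/bin/sh
# Added example: audit the settings from steps 1, 2 and 4.
# Function names and sample files are constructed for illustration.

# Step 1: print active (uncommented) sudoers lines that still grant NOPASSWD.
sudoers_nopasswd() {
    grep -E '^[[:space:]]*[^#[:space:]].*NOPASSWD[[:space:]]*:' "$1"
}

# Step 2: print the PermitRootLogin value sshd will use. sshd keeps the FIRST
# value it reads for a keyword, so a "no" appended below an earlier "yes" is
# ignored. Parsing stops at the first Match block (conditional overrides).
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Step 4: print the value of KEY from the [ssh] section of a jail file.
jail_value() {  # usage: jail_value JAIL_FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/ { in_ssh = ($0 ~ /^[ \t]*\[ssh\]/); next }
        in_ssh { n = index($0, "="); if (!n) next
                 k = substr($0, 1, n - 1); v = substr($0, n + 1)
                 gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                 if (k == key) { print v; exit } }' "$1"
}

# Print one FAIL line per problem; exit status is the number of problems.
audit() {  # usage: audit SUDOERS SSHD_CONFIG JAIL_FILE
    fails=0
    if sudoers_nopasswd "$1" >/dev/null; then
        echo "FAIL sudoers: NOPASSWD rule still active"; fails=$((fails + 1))
    fi
    [ "$(sshd_root_login "$2")" = "no" ] || {
        echo "FAIL sshd_config: effective PermitRootLogin is not 'no'"; fails=$((fails + 1)); }
    [ "$(jail_value "$3" enabled)" = "true" ] || {
        echo "FAIL fail2ban: [ssh] jail not enabled"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files: sudoers and jail are correct, but sshd_config
# has the new line appended below a pre-existing "yes".
d=$(mktemp -d)
printf '%s\n' '# %sudo ALL=(ALL) NOPASSWD: ALL' '%sudo ALL=(ALL) ALL' > "$d/sudoers"
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' 'PermitRootLogin no' > "$d/sshd_config"
printf '%s\n' '[ssh]' 'enabled = true' 'maxretry = 6' 'bantime = -1' > "$d/jail.ssh"
audit "$d/sudoers" "$d/sshd_config" "$d/jail.ssh" || echo "$? problem(s) found"
```

On a live host, `sudo sshd -T | grep -i permitrootlogin` prints the value sshd resolves after includes and defaults, and `sudo visudo -c` checks the sudoers syntax after editing.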