Thought maybe some further changes could be added (as an option during install process?)
-
Disable root Login
1a. Add the AllowUsers option to only allow the one user to login -
Force Public Key authentication and disable Password Authentication
-
Give us option to set the SSH port rather than the default 4747