hostnamectl set-hostname my-host-name

edit /etc/hosts with public IP and FQDN (fully qualified domain name)

for IPv4:

127.0.0.1	localhost.localdomain localhost
203.0.113.10	example-hostname.example.com example-hostname

and IPv6:

127.0.0.1	localhost.localdomain localhost
203.0.113.10	example-hostname.example.com example-hostname
2600:3c01::a123:b456:c789:d012	example-hostname.example.com example-hostname

if you don't have an ssh key, generate one on local machine run:

ssh-keygen -t ed25519 -C "user@domain.tld"

then on compute instance:

mkdir -p /home/USERNAME/.ssh

upload your ssh key - from your local system run

Linux:

ssh-copy-id example_user@192.0.2.17

macOS:

install ssh-copy-id from homebrew then as above, or:

scp ~/.ssh/id_rsa.pub example_user@203.0.113.10:/home/USERNAME/.ssh/authorized_keys

Windows:

scp C:\Users\MyUserName\.ssh/id_rsa.pub example_user@192.0.2.17:~/.ssh/authorized_keys

check permissions on ssh directory:

chmod -R 700 /home/USERNAME/.ssh/

file /etc/ssh/sshd_config

# Authentication:
...
PermitRootLogin no

same /etc/ssh/sshd_config file:

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

.local files will override the default .conf files provided

cd /etc/fail2ban
cp fail2ban.conf fail2ban.local
cp jail.conf jail.local

jail.local: in CentOS or Fedora need to change backend from auto to systemd

backend = systemd

ufw allow ssh
ufw allow 22
ufw deny 25
ufw allow 80/tcp
ufw allow http/tcp
ufw allow 443/tcp
ufw allow https/tcp

more config

To allow connections from an IP address:

sudo ufw allow from 198.51.100.0

To allow connections from a specific subnet:

sudo ufw allow from 198.51.100.0/24

To allow a specific IP address/port combination:

sudo ufw allow from 198.51.100.0 to any port 22 proto tcp

proto tcp can be removed or switched to proto udp depending upon your needs, and all instances of allow can be changed to deny as needed.

Although simple rules can be added through the command line, there may be a time when more advanced or specific rules need to be added or removed. Prior to running the rules input through the terminal, UFW will run a file, before.rules, that allows loopback, ping, and DHCP. To add to alter these rules edit the /etc/ufw/before.rules file. A before6.rules file is also located in the same directory for IPv6.

An after.rule and an after6.rule file also exists to add any rules that would need to be added after UFW runs your command-line-added rules.

An additional configuration file is located at /etc/default/ufw. From here IPv6 can be disabled or enabled, default rules can be set, and UFW can be set to manage built-in firewall chains.

sudo ss -atpu

where

-a: all listening and non-listening
-t: TCP sockets
-p: show processes
-u: UDP sockets