SSH hardening

[The-Compiler]

• [x] fail2ban?
• [ ] config hardening? See https://infosec.mozilla.org/guidelines/openssh or https://www.sshaudit.com/hardening_guides.html

[The-Compiler]

We do already have an UFW rule to limit connection attempts. As for the rest, I'm not quite sure how to proceed. I originally intended to at least forbid password logins as root. However, we do have a strong root password, it's stored in our password store, and only two people (@dbrgn and I) seem to have SSH pubkeys set up. Then again, if someone gains access to the password store, it's pretty much game over anyways.