I’ll go in a slightly different direction but one that any CISO will tell you is just as important as locking down SSH, etc. Have a good backup plan
Especially for a home server, is your biggest threat vector someone launching 0-days against it or the SD card it boots off of crapping out? Even production servers, when someone misconfigures sshd_config and locks everyone out (ask me how I know) or you get a crypto-locker run because all the configs in the world can’t save you from a supply chain attack. You’ll be glad you have backups on-site, off-site, a general DR strategy, etc.
I’ll go in a slightly different direction but one that any CISO will tell you is just as important as locking down SSH, etc. Have a good backup plan
Especially for a home server, is your biggest threat vector someone launching 0-days against it or the SD card it boots off of crapping out? Even production servers, when someone misconfigures sshd_config and locks everyone out (ask me how I know) or you get a crypto-locker run because all the configs in the world can’t save you from a supply chain attack. You’ll be glad you have backups on-site, off-site, a general DR strategy, etc.