SSH Best Practices using Certificates, 2FA and Bastions

The industry best practices for SSH security include using certificates, two-factor authentication, and SSH bastion hosts. B

https://goteleport.com/blog/how-to-ssh-properly/

There's no denying that SSH is the de facto tool for *nix server administration. It's far from perfect, but it was designed with security in mind, and there's been a huge amount of tooling written over the years to make it easier to use. In addition, many popular products and just about every server deployment system integrate with SSH somehow. It is universally supported across pretty much all architectures and distributions, from Raspberry Pi's all the way up to massive supercomputer clusters.