Good article.<p>Interested in the benefits of #2? Have never seen this done.<p>The firewall config in #3 seems like the proper layer to be handling it long-term, if you do both then the config in Tip #2 will never actually trigger.<p>With sending an email on login, you'll have to create one for every user. To run a command for every login use a sshrc file[1], this runs as sshd before any access is granted, quite useful for a lot of things.<p>You can also set the ForceCommand open in sshd_config but this also runs as the user, I prefer sshrc files for (maybe unjustifiably paranoid) security reasons.<p>Also from memory quite sure there's a difference between /etc/motd and a Banner file set in the config. Banner will run before login, motd runs after.<p>[1] <a href="https://man.openbsd.org/sshd#SSHRC" rel="nofollow">https://man.openbsd.org/sshd#SSHRC</a>