Access Restrictions

password required pam_cracklib.so minlen=12 lcredit=1 ucredit=1 dcredit=2 ocredit=1
For more detail, refer to the guide [http://www.linux-faqs.info/security/force-strong-passwords| Force strong passwords]
<li>
Use password aging; the chage command on Linux servers allows checking of password age per user and setting of password aging parameters [http://linoxide.com/linux-command/password-expire-chage-command/| link].
</li>
<li>
Failed login attempts should result in the locking of the associated user account. On Linux systems, the faillog command can be used to check failures and to set failure limits. For more details see [http://www.cyberciti.biz/tips/rhel-centos-fedora-linux-log-failed-login.html| Faillog]
</li>
<li>
Use password management software - a tool such as Keepass, or KeepassX for Linux and Mac, allows users to easily generate, store and manage complex, difficult-to-crack passwords. Refer to this guide for details on [https://securityinabox.org/en/keepass_main| Keepass]
</li>
</ol>
</li>
<li>
Private keys should be used for SSH login access. The following guide gives details on generating and setting up public/private keys for SSH login, [http://support.suso.com/supki/SSH_Tutorial_for_Linux| SSH tutorial]
</li>
<li>
File permissions should be restricted for critical files. Users should only be allowed access to files relevant to their work. Execution as root should be restricted. Discussion of [http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions| Linux file permissions].
</li>
</ol>
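The checklist above can be turned into a repeatable audit. The following POSIX shell functions are an added example (not code from the original page) that check the settings discussed: the pam_cracklib minlen value, the PASS_MAX_DAYS aging limit in login.defs, password-versus-key authentication in sshd_config, and group/other permission bits on a critical file. File paths are passed as arguments; the sample configuration files in demo are constructed inline, and the helpers assume a single unconditional setting per file (sshd_config Match blocks and PAM include directives are not followed).

```shell
#!/bin/sh
# Added example: audit helpers for the password, SSH and file-permission items above.
# Each function returns 0 when the setting is acceptable and 1 otherwise.

# 1. Password strength: does a pam_cracklib/pam_pwquality line set minlen >= $2?
#    $1 = PAM config file, $2 = required minimum length
pam_minlen_ok() {
    _min=$(grep -E '^password[[:space:]]+.*(pam_cracklib|pam_pwquality)\.so' "$1" \
           | sed -n 's/.*minlen=\([0-9]*\).*/\1/p' | head -n 1)
    [ -n "$_min" ] && [ "$_min" -ge "$2" ]
}

# 2. Password aging: PASS_MAX_DAYS in login.defs must be present and <= $2
#    (this is the default picked up by chage for new accounts)
pass_max_days_ok() {
    _max=$(sed -n 's/^PASS_MAX_DAYS[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1)
    [ -n "$_max" ] && [ "$_max" -le "$2" ]
}

# 3. SSH: password logins off and public-key logins on.
#    sshd uses the first value it reads for a keyword, hence head -n 1;
#    PubkeyAuthentication defaults to yes when absent.
sshd_keys_only() {
    _pw=$(sed -n 's/^[[:space:]]*PasswordAuthentication[[:space:]]\{1,\}\([A-Za-z]*\).*/\1/p' "$1" | head -n 1)
    _pk=$(sed -n 's/^[[:space:]]*PubkeyAuthentication[[:space:]]\{1,\}\([A-Za-z]*\).*/\1/p' "$1" | head -n 1)
    [ "$_pw" = "no" ] && [ "${_pk:-yes}" = "yes" ]
}

# 4. File permissions: no group or other bits set on a critical file.
#    Columns 5-10 of `ls -ld` are the group and other permission triplets.
perms_owner_only() {
    _mode=$(ls -ld "$1" | cut -c5-10)
    [ "$_mode" = "------" ]
}

# Demonstration on constructed sample files (not real system configuration).
demo() {
    _d=$(mktemp -d)
    printf 'password required pam_cracklib.so minlen=12 lcredit=1 ucredit=1 dcredit=2 ocredit=1\n' > "$_d/system-auth"
    printf 'PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\n' > "$_d/login.defs"
    printf 'PubkeyAuthentication yes\nPasswordAuthentication no\n' > "$_d/sshd_config"
    : > "$_d/id_rsa"
    chmod 600 "$_d/id_rsa"

    pam_minlen_ok "$_d/system-auth" 12   && echo "PAM minlen >= 12: ok"     || echo "PAM minlen >= 12: WEAK"
    pass_max_days_ok "$_d/login.defs" 90 && echo "PASS_MAX_DAYS <= 90: ok"  || echo "PASS_MAX_DAYS <= 90: WEAK"
    sshd_keys_only "$_d/sshd_config"     && echo "SSH key-only login: ok"   || echo "SSH key-only login: WEAK"
    perms_owner_only "$_d/id_rsa"        && echo "id_rsa owner-only: ok"    || echo "id_rsa owner-only: WEAK"

    rm -rf "$_d"
}

demo
```

Run the script as-is to see the demo output; the constructed login.defs deliberately keeps the stock 99999-day maximum so that one check reports WEAK. To audit a real host, call the functions with /etc/pam.d/system-auth (or common-password on Debian), /etc/login.defs, /etc/ssh/sshd_config and the key or secret files you care about.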
For shared hosting, password management is a core defence against attack. The administrator password should fit the criteria above for a strong password - long, varied in character classes, and containing no dictionary words.
As above [https://securityinabox.org/en/keepass_main| Keepass] can be used to generate and store a complex admin password. This has the secondary advantage of limiting access to the admin password to those who are trusted with the Keepass store.
</li>
<li>
'''Restrict IP addresses'''
Depending on what version of cPanel your provider offers, it is possible to lock down access via the [http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/DenyAccess| Host Access Control] option. This allows you to limit access to very specific IP addresses.
</li>
<li>