Step 4: Securing OpenSSH

⚠️ Before continuing: This will make login via password impossible. If you lose your SSH key, you will lose access to your server and it will require a reinstallation. 
 The OpenSSH server configuration should be located at /etc/ssh/sshd_config but we aren't going to edit this file. We are going to create a new file at /etc/ssh/sshd_config.d/hardening.conf . (add video) 
 X11Forwarding no

AllowAgentForwarding no

PermitEmptyPasswords no

MaxAuthTries 3

# NOTE: this will disable password authentication entirely! Setup SSH keys before applying this config!
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no

Protocol 2
 
 Now to apply these settings, we need to restart the ssh server with: sudo systemctl restart sshd , and voilà!