Skip to main content

Step 4: Securing OpenSSH

The OpenSSH server configuration should be located at /etc/ssh/sshd_config but we aren't going to edit this file. We are going to create a new file at /etc/ssh/sshd_config.d/hardening.conf. (add video)

X11Forwarding no

PermitEmptyPasswords no

MaxAuthTries 3

# NOTE: this will disable password authentication entirely! Setup SSH keys before applying this config!
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no

Protocol 2
Back to top