SSH Configuration Checklist
Some basic settings to check in your /etc/ssh/sshd_config to verify it's properly secured.
Avoid using protocol version 1 since it has known weaknesses:
Eliminate the display server attack surface if you are not using it on your host:
Rhosts should never be used since it's very weak:
Perform a basic DNS check to see whether a connecting client's IP address and resolved hostname match:
Never allow empty password since it's usually just a stupid thing to do:
Prevent brute-force password attacks by limiting the number of allowed attempts:
Never use the root account for remote login. It's bad practice to expose the root account and it removes accountability if it's shared among admins. Always use dedicated user accounts for login and combine it with sudo for administrative access:
Another tip to enhance security when using SSH is to use public key authentication instead of passwords. This involves generating a key on client machines using ssh-keygen, copying the public part of it to the user's .ssh/authorized_keys file on the server host, and finally turning off password login on the server.
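The checklist above can be checked mechanically. The following is an added example, not code from the original page: the keyword chosen for each checklist item, the `MaxAuthTries` threshold of 4 and the sample configuration are assumptions, since the page itself shows no directives.

```python
import re

# Assumed keyword for each checklist item (the page shows none);
# the MaxAuthTries limit of 4 is a constructed threshold.
EXPECTED = {
    "protocol": lambda v: v == "2",
    "x11forwarding": lambda v: v == "no",
    "ignorerhosts": lambda v: v == "yes",
    "usedns": lambda v: v == "yes",
    "permitemptypasswords": lambda v: v == "no",
    "maxauthtries": lambda v: v.isdigit() and int(v) <= 4,
    "permitrootlogin": lambda v: v == "no",
    "passwordauthentication": lambda v: v == "no",
}

def parse_global(text):
    """Global settings only: keywords are case-insensitive, sshd keeps the
    FIRST value it reads, and Match blocks are not global, so stop there."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(parts[0].lower(), value)  # later duplicates ignored
    return seen

def audit(text):
    """Return {keyword: 'ok' | 'weak' | 'unset'} for the checklist items."""
    conf = parse_global(text)
    return {k: "unset" if k not in conf else "ok" if ok(conf[k]) else "weak"
            for k, ok in EXPECTED.items()}

# Constructed sample, not taken from a real host.
SAMPLE = """\
Protocol 2
X11Forwarding yes
IgnoreRhosts yes
PermitEmptyPasswords no
MaxAuthTries 6
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    X11Forwarding no
"""

if __name__ == "__main__":
    for key, status in audit(SAMPLE).items():
        print(f"{key:24} {status}")
```

In the sample, `PermitRootLogin` is reported weak even though a `no` line was appended, because the earlier `yes` wins. An `unset` result means the compiled-in default applies, which `sshd -T` prints for the installed version.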