Perfectly Awesome

Linux Servers: SSH Hardening Tips

Don't know what the settings are?
sshd -T

1. Disable empty passwords:
PermitEmptyPasswords no

2. Change default SSH ports:
Port 2345

3. Disable root login via SSH:
PermitRootLogin no

4. Disable ssh protocol 1:
Protocol 2

5. Configure idle timeout interval (seconds):
ClientAliveInterval 300

6. Allow SSH access to selected users only:
AllowUsers User1 User2
Also: AllowGroups {groupname}, DenyUsers, DenyGroups

7. Disable X11 Forwarding:
X11Forwarding no

8. Mitigate brute force attacks automatically:
Intro to FailBan

9. Disable password based SSH login:
How to add SSH public keys to a server
Detailed tutorial

10. Enable Two-factor authentication with SSH:
Tutorial