SSH security best practices

Disable root login over SSH

Edit /etc/ssh/sshd_config and set:

PermitRootLogin no

and restart SSH:

sudo service ssh restart

Enforce SSH key authentication

Edit /etc/ssh/sshd_config and set:

PasswordAuthentication no
PubkeyAuthentication yes

and restart SSH:

sudo service ssh restart

Restrict SSH access to specific users

Edit /etc/ssh/sshd_config and set:

AllowUsers jerome

and restart SSH:

sudo service ssh restart

Recommended configuration for a VPS

sudo tee /etc/ssh/sshd_config.d/99-hardening.conf << 'EOF'
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
DenyUsers ubuntu
MaxAuthTries 3
LoginGraceTime 30
X11Forwarding no
AllowAgentForwarding no
EOF
sudo sshd -t && sudo systemctl reload ssh
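
sshd keeps the first value it obtains for each keyword, and drop-ins under sshd_config.d are read in lexical order, so 99-hardening.conf can lose to an earlier file. The script below is an added example, not part of the original page: it approximates that rule for the single-valued keywords above. The function names, the sample directory and the 50-cloud-init.conf file are constructed for illustration.

```shell
# first_value KEY DIR: print "value|file" for the first *.conf in DIR that
# sets KEY. Files are visited in lexical order, as sshd expands the Include
# glob. Simplified: "Keyword value" lines only, read up to the first Match.
first_value() {
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    for f in "$2"/*.conf; do
        [ -f "$f" ] || continue
        v=$(awk -v k="$key" '
            tolower($1) == "match" { exit }
            tolower($1) == k { print $2; exit }' "$f")
        if [ -n "$v" ]; then
            printf '%s|%s\n' "$v" "${f##*/}"
            return 0
        fi
    done
    return 1
}

# audit DIR: check the single-valued keywords from 99-hardening.conf against
# the first-match result; one line per keyword, returns 1 on any drift.
audit() {
    rc=0
    for want in PasswordAuthentication=no PubkeyAuthentication=yes \
                PermitRootLogin=no MaxAuthTries=3 LoginGraceTime=30 \
                X11Forwarding=no AllowAgentForwarding=no; do
        k=${want%%=*}; exp=${want#*=}
        got=$(first_value "$k" "$1") || got="(unset)|-"
        if [ "${got%%|*}" = "$exp" ]; then
            echo "OK    $k $exp"
        else
            echo "DRIFT $k want=$exp got=${got%%|*} from=${got#*|}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: an earlier drop-in (hypothetical 50-cloud-init.conf)
# re-enables passwords ahead of 99-hardening.conf.
demo=$(mktemp -d)
printf 'PasswordAuthentication yes\n' > "$demo/50-cloud-init.conf"
printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'PermitRootLogin no' 'MaxAuthTries 3' 'LoginGraceTime 30' \
    'X11Forwarding no' 'AllowAgentForwarding no' > "$demo/99-hardening.conf"
audit "$demo" || true
```

On a live host, sudo sshd -T prints the effective configuration and is the authoritative check; on drift, rename the hardening file so it sorts first or fix the earlier drop-in.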