SSH is a secure protocol for exchanging data. It can be used to log in to remote machines, execute commands remotely, and transfer files. Because
SSH traffic is encrypted, it is a worthy replacement for cleartext remote-login and file-transfer tools such as telnet, rlogin, and FTP. Take
these measures to harden SSH:

  • Make sure SSH protocol version 1 is disabled. The sshd_config file must contain the following line:
      Protocol 2
  • The root user should not be allowed to log in over SSH. Make sure the following line is present in sshd_config:
      PermitRootLogin no
  • Private key files such as ssh_host_key, ssh_host_dsa_key, and ssh_host_rsa_key should be readable only by root.
  • Make sure Privilege Separation is turned on. The following line must be present in sshd_config:
      UsePrivilegeSeparation yes
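
The checks in the list above, written as an added audit script that is not part of the original page. The function names are hypothetical, and it assumes only global settings matter (parsing stops at the first Match block) and that Include directives are not followed.

```shell
# Added example, not from the original page. Function names are hypothetical.
# Assumptions: global settings only (stop at first Match), Include not followed.

# Print the effective value of KEYWORD: sshd uses the first occurrence and
# keywords are case-insensitive; a "Keyword=value" form is tolerated here too.
sshd_value() {   # usage: sshd_value FILE KEYWORD
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/\r$/, "") }
        /^#/ || /^$/ { next }
        { line = $0; sub(/[ \t]*=[ \t]*/, " ", line); split(line, f, /[ \t]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == tolower(want) { print f[2]; exit }
    ' "$1"
}

# Succeed only if KEYWORD is present and set to EXPECTED.
check_directive() {   # usage: check_directive FILE KEYWORD EXPECTED
    got=$(sshd_value "$1" "$2")
    if [ "$got" = "$3" ]; then
        echo "PASS $2 $3"
    else
        echo "FAIL $2 is '${got:-unset}', expected '$3'"
        return 1
    fi
}

# Succeed only if FILE has no group/other bits and is owned by OWNER_UID (default 0).
key_private() {   # usage: key_private FILE [OWNER_UID]
    info=$(ls -ldn "$1") || return 1
    perms=$(printf '%s\n' "$info" | cut -c5-10)
    uid=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$perms" = "------" ] && [ "$uid" = "${2:-0}" ]
}

# Run every check from the list; return non-zero if any of them fails.
audit_sshd() {   # usage: audit_sshd CONFIG [KEYFILE...]
    cfg=$1; shift; rc=0
    check_directive "$cfg" Protocol 2 || rc=1
    check_directive "$cfg" PermitRootLogin no || rc=1
    check_directive "$cfg" UsePrivilegeSeparation yes || rc=1
    for key in "$@"; do
        if key_private "$key"; then echo "PASS $key is private to root"
        else echo "FAIL $key is not owned by root or is group/other accessible"; rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_sshd "$@"; fi
```

Run it as root with the path to sshd_config followed by the host key files to check. Where the configuration uses Include or Match, `sshd -T` prints the settings the daemon actually resolves.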