Sunday, August 17, 2014

Secure SSHD in Linux

The secure shell daemon should be hardened to prevent unauthorised access before being put into a production environment or exposed to the internet.


Verify the /etc/ssh/sshd_config file contains the following lines and that they are not commented out:
 
Protocol 2
IgnoreRhosts yes
HostbasedAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
AllowTcpForwarding no (unless needed)
X11Forwarding no (unless needed)
AllowUsers <username1> <username2> (Optional)
DenyUsers <username1> <username2> (Optional)
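
An added example (not from the original post): a shell function that checks a config file against the list above, treating the two "unless needed" items as warnings. It assumes a single file with no Include directives, stops at the first Match line, and relies on sshd using the first value it reads for a keyword; the names check_sshd_config, REQUIRED and sample_config are made up here, and the sample config is constructed.

```shell
# Added example: audit an sshd_config-style file against the checklist above.
# A leading "~" marks the "unless needed" items: they warn but do not fail.
REQUIRED='protocol=2 ignorerhosts=yes hostbasedauthentication=no permitrootlogin=no permitemptypasswords=no ~allowtcpforwarding=no ~x11forwarding=no'
# check_sshd_config [FILE]: reads FILE or stdin; non-zero if a mandatory item fails.
check_sshd_config() {
    awk -v required="$REQUIRED" '
    BEGIN {
        n = split(required, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "=")
            soft[i] = sub(/^~/, "", kv[1])   # 1 when the item is advisory
            name[i] = kv[1]; want[i] = kv[2]
        }
    }
    /^[ \t]*(#|$)/ { next }                  # commented-out or blank: not in effect
    {
        sub(/=/, " ")                        # accept "Keyword=value" as well
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") exit             # later lines are conditional, not global
        if (!(key in got)) got[key] = tolower($2)   # sshd keeps the first value
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = name[i]
            if ((k in got) && got[k] == want[i]) { print "OK   " k " " got[k]; continue }
            state = (k in got) ? "is " got[k] : "not set"
            if (soft[i]) print "WARN " k " " state " (want " want[i] " unless needed)"
            else { print "FAIL " k " " state " (want " want[i] ")"; bad = 1 }
        }
        exit bad
    }' "$@"
}
# Constructed sample: IgnoreRhosts is commented out, PermitRootLogin is set twice.
sample_config() { cat <<'EOF'
Protocol 2
#IgnoreRhosts yes
HostbasedAuthentication no
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
X11Forwarding yes
Match User backup
    AllowTcpForwarding no
EOF
}
sample_config | check_sshd_config || echo "sshd_config needs attention"
```

On a live host, run it as `check_sshd_config /etc/ssh/sshd_config`; `sshd -T` prints the effective configuration for comparison.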
