Security Task: SSH Hardening Checklist

Goal

Minimize attack surface on SSH by applying secure defaults and configurations.

Checklist

  • Disable root login:
    PermitRootLogin no
    
  • Disable password login:
    PasswordAuthentication no
    
  • Use only SSH keys and restrict to specific users:

    AllowUsers username
    

  • Change default port (optional):

    Port 2222
    

  • Enable rate limiting via firewalld or fail2ban

Verification

sshd -t
systemctl restart sshd

Tools

  • sshd_config, fail2ban, firewalld, ssh-keygen