OpenSSH is a wonderful tool; it's the Linux administrator's best friend. It saves you the trouble of having to walk into the server room and attach a monitor and keyboard in order to perform work on your network. Using any computer connected to the same network, you can pretty much do anything you want to as if you were standing right in front of the machine. The problem is that an unsecured SSH implementation gives miscreants the exact same luxury. Of all the things running on your network, SSH is definitely the one you want to give some major attention to.

The first and most common security tweak for SSH is to use only Version 2 of the protocol. To determine which version your Linux installation is using, grep the /etc/ssh/sshd_config file:

cat /etc/ssh/sshd_config |grep Protocol

If the answer is 1, you should edit this file and change the line that reads Protocol 1 to Protocol 2, and restart SSH. The reason this is important is because Protocol 1 has considerably weaker...