Securing OpenSSH
While OpenSSH is generally more secure nowadays than it was in the past, it's still potentially a gaping hole in your server that miscreants will try to use in order to compromise your network. OpenSSH is very useful though; as administrators, we like OpenSSH because it gives us a convenient way of accessing multiple machines we manage all from one central computer. Securing OpenSSH isn't hard at all. In this section, I'll go over all the common ways in which you can secure OpenSSH on your servers. Specifically, I'll show you various tweaks you can make to the OpenSSH daemon's config file, which is /etc/ssh/sshd_config (covered in Chapter 4, Connecting to Networks). With each of the tweaks in this section, make sure you first search the file in order to see if the setting is there, and change it accordingly. If the setting is not present in the file, add it. After you make your changes, it's important to restart the OpenSSH daemon:
# systemctl...
