ssh config | ssh

Good practice is to disable root login, and allow login only using keys.

Also changing default port from 22 to something else is not bad idea.

Bash

sudo nano /etc/ssh/sshd_config

Text Only

# Disable root login
PermitRootLogin no

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Warning

Do not forget to add your ssh key first or you'll lock yourself out!

good commands to know

create ssh key

Bash

ssh-keygen -t ed25519 -C urkeyname

copy key to remote machine

Bash

ssh-copy-id user@remoteIP

Note

usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination [command]

ssh config | ssh

disable root login && disable login using password

good commands to know