sshd – Kevin Wells

HOME
Skills & Experience
Current Threats & Trends
Articles
- Identity & Access Management (IAM)Secure access with SSH keys, sudo, PAM, and cloud IAM roles.
- Automation & MonitoringStreamline operations with Ansible workflows, logging pipelines, and proactive monitoring.
- Backups & DRProtect data and maintain continuity with resilient backup and recovery strategies.
- Cloud SecurityDefend AWS and hybrid environments with strong identity, policy, and monitoring controls.
- AI SecurityPractical security engineering for LLMs and autonomous agents – risks, controls, architectures, and incident playbooks.
- System HardeningSecure Linux systems through patching, CIS benchmarks, and OS lockdown.
- Tools & CheatsheetsPractical quick-reference guides for Linux and cloud security administrators.
Lab Projects
Resources
About
Contact

SSHD Baseline Hardening: sane defaults, fewer surprises

September 12, 2025September 29, 2025 by Admin

Short version: Keys only, no root login, narrow who can connect, and log enough to investigate. Do not hardcode ciphers; modern OpenSSH defaults are already strong—your job is policy and hygiene. 1) Access policy # /etc/ssh/sshd_config — additive baseline Protocol 2 PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes ChallengeResponseAuthentication no KbdInteractiveAuthentication no UsePAM yes LoginGraceTime 30 … Read more