Covago
Back to tips

Step-by-step guide

Secure SSH defaults

Apply stronger SSH defaults and key-only access for remote machines.

Time: 14 min Updated: 2026-04-08 Keywords: sshd_config ufw fail2ban

Why this helps

SSH is a common entry point. Hardening defaults dramatically lowers brute-force and credential theft risk on exposed systems.

How to verify

Run ssh -v login tests from a trusted host and confirm password logins fail while key logins succeed.

Steps

  1. Create SSH keys and confirm key login works.
  2. Disable password authentication in sshd_config.
  3. Restrict SSH access with firewall rules.
  4. Enable fail2ban or equivalent lockout policy.

Related tips