# Secure SSH

## Disable root

Edit `/etc/ssh/sshd_config` and set `PermitRootLogin no`, or, if you really need root access (e.g. for backups), set `PermitRootLogin forced-commands-only`.

## Use Public Key Authentication

Create a new key pair on your client:

```
ssh-keygen -b 4096
```

Remember the path and passphrase you chose. Append the created public key from `//.pub` on your client to the `/home//.ssh/authorized_keys` file on your server.

If you changed the path, you can add the following to your `~/.ssh/config` file on your client:

```
Host
    User # optional
    IdentityFile //
```

Now edit `/etc/ssh/sshd_config` on your server and set the following values:

```
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
```
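
A way to check that the server settings from both sections above are the ones sshd will actually use, as an added example that is not part of the original page. The function names are hypothetical, the sample config is constructed, and the fallback values are assumed to be the defaults of current OpenSSH releases; `Include` files and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# sshd uses the FIRST value it finds for a keyword; keywords are case-insensitive.
# Global settings only: parsing stops at the first Match block.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
        tolower($1) == "match" { exit }            # conditional blocks are out of scope
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }              # keyword absent: assumed default
    ' "$1"
}

# audit_sshd_config FILE -> one line per check, returns 1 if any check fails
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pubkey=$(effective_value "$1" PubkeyAuthentication yes)
    passwd=$(effective_value "$1" PasswordAuthentication yes)
    case "$root" in
        no|forced-commands-only) echo "ok   PermitRootLogin $root" ;;
        *) echo "FAIL PermitRootLogin $root"; rc=1 ;;
    esac
    if [ "$pubkey" = yes ]; then echo "ok   PubkeyAuthentication yes"
    else echo "FAIL PubkeyAuthentication $pubkey"; rc=1; fi
    if [ "$passwd" = no ]; then echo "ok   PasswordAuthentication no"
    else echo "FAIL PasswordAuthentication $passwd"; rc=1; fi
    return $rc
}

# Constructed sample: "PasswordAuthentication no" was appended after an earlier
# "yes" line, so it never takes effect and password logins stay enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's config
permitrootlogin forced-commands-only
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF
audit_sshd_config "$sample" || echo "=> not compliant with the settings above"
rm -f "$sample"
```

On the server itself, `sshd -T` prints the effective configuration with defaults, `Include` files and ordering already resolved.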