# SSH Hardening

# Key-Only Login

**SSH config**
```bash
nano /etc/ssh/sshd_config
```

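**Important settings**
```
PasswordAuthentication no
# Deprecated alias of KbdInteractiveAuthentication since OpenSSH 8.7
ChallengeResponseAuthentication no
UsePAM no
PermitRootLogin prohibit-password
PermitEmptyPasswords no
# Deprecated since OpenSSH 7.4, which supports protocol 2 only
Protocol 2
LoginGraceTime 60
MaxAuthTries 3
X11Forwarding no
```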

**Restart SSH:**
```bash
systemctl restart sshd
```
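
An added example (not from the original notes): a small Python audit of `sshd_config` text against the settings above. sshd keeps the first value it reads for each keyword, so the constructed sample assumes a drop-in pulled in by an `Include` line at the top of the file; the function names and sample content are hypothetical.

```python
# Added example: audit sshd_config text; sshd keeps the FIRST value per keyword.
EXPECTED = {  # "Protocol" is omitted: current OpenSSH treats it as deprecated
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "usepam": "no",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
    "logingracetime": "60",
    "maxauthtries": "3",
    "x11forwarding": "no",
}
SAMPLE = """\
# drop-in read first via Include (constructed)
PasswordAuthentication yes

# main sshd_config (constructed, values from this page)
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PermitRootLogin prohibit-password
PermitEmptyPasswords no
LoginGraceTime 60
MaxAuthTries 3
X11Forwarding no
"""

def effective_settings(text):
    """Global keyword -> value map; first occurrence wins, Match blocks skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # handles the "Keyword value" form only
        keyword = parts[0].lower()
        if keyword == "match":
            break  # lines after the first Match are conditional, not global
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return (keyword, expected, effective) for each mismatch; None = unset."""
    found = effective_settings(text)
    return [(k, want, found.get(k)) for k, want in EXPECTED.items()
            if (found.get(k) or "").lower() != want]

if __name__ == "__main__":
    for keyword, want, got in audit(SAMPLE):
        print(f"{keyword}: expected {want!r}, effective {got!r}")
```

On the sample, the audit reports `passwordauthentication` as still `yes`, even though the main file sets it to `no`.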

# SSH Custom Port

**Change the port:**
```bash
nano /etc/ssh/sshd_config
```

**Change:**
```
Port 1234
```

**Adjust UFW:**
```bash
ufw allow 1234/tcp
# Remove the old rule for port 22 (assumes it was added as "ufw allow 22/tcp")
ufw delete allow 22/tcp
ufw reload
```

**Reload SSH:**
```bash
systemctl reload sshd
```

**Adjust the local SSH config:**
```bash
nano ~/.ssh/config
```

```bash
Host Hetzner
  Hostname 1.2.3.4
  User root
  IdentityFile ~/.ssh/Hetznerkey
  Port 1234
```