plaintext
12 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
Protocol 2
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowUsers deploy ops
MaxAuthTries 3
LoginGraceTime 20
X11Forwarding no
AllowTcpForwarding no
ClientAliveInterval 300
ClientAliveCountMax 2
1 file · plaintext
Explain with highlit
SSH hardening is basic but still worth doing carefully. I disable password auth, restrict root login, and pair strong settings with operational practices like host key monitoring and per-user key lifecycle management. Security without maintainability here usually ends in emergency exceptions later.
Share this code
Here's the card — post it anywhere.