SSH security has to be taken care when Linux server is up and running. Most administrators tend to install an SSH server and leave it at its default settings, typically to allow password authentication and root logins . There are few parameters in /etc/ssh/sshd_config which can be changed to securing SSH.
Open /etc/ssh/sshd_config and add the below line
Limit SSH protocol to version 2 as version 1 is not secure
Prevent SSH from setting up TCP port and X11 forwarding
AllowTcpForwarding no X11Forwarding no
Check the StrictModes directive is enabled which checks file permissions and ownerships of some important files in the user’s home directory like ~/.ssh, ~/.ssh/authorized_keys etc. If any checks fail, the user won’t be able to login.
Ensure that all host-based authentications are disabled. These methods should be avoided as primary authentication.
IgnoreRhosts yes HostbasedAuthentication no RhostsRSAAuthentication no
After changing any directives make sure to restart the sshd daemon:
Allow SSH connections only from admin networks. Exclude User networks. This article help you to disables Hosts and Groups to SHH