I’m using GrapheneOS’ infrastructure repo for inspiration for hardening my SSH server config: https://github.com/GrapheneOS/infrastructure/blob/main/sshd_config which seems to take things a bit further and removing legacy stuff, i.e. RSA.
Also, I’m using AddressFamily inet6 to only listen on IPv6 which reduces the number of log entries from curious scanners.
AddressFamily inet6
I’m using GrapheneOS’ infrastructure repo for inspiration for hardening my SSH server config: https://github.com/GrapheneOS/infrastructure/blob/main/sshd_config which seems to take things a bit further and removing legacy stuff, i.e. RSA.
Also, I’m using
AddressFamily inet6to only listen on IPv6 which reduces the number of log entries from curious scanners.