> [!META]- Inline Metadata > [status:: boat] > [source:: ] > [tags:: #note/evergreen #state/boat #concepts/homelab] > [up:: [[Homelab MOC]]] Steps for securing a fresh SSH server: - Disable root login ^1omk9t - `sudo vim /etc/ssh/sshd_config` - Uncomment "PermitRootLogin no" - Restart ssh: `sudo systemctl restart sshd` - Disable password login - Using steps [here]([[Securing a New SSH Server#^1omk9t]]): - Set "PasswordAuthentication no" - Keyfile login (generate key if necessary, use ssh-copy-id to copy public key to authorized hosts) - If necessary, generate a key - ssh-copy-id -i [email protected] - Change SSH port - Edit sshd_config - Update "Port 22" line (uncomment if necessary) to the port you want to use - [Install fail2ban](https://pimylifeup.com/raspberry-pi-fail2ban/)