The Secure Shell (SSH) provides protected, encrypted communications with other systems. Because SSH is an entry point into the system, disable SSH if it isn't required. Optionally, you can edit the /etc/ssh/sshd_config file to restrict its use.
Important:
After applying changes to the configuration file, you must restart the sshd service for the changes to take effect.
Restrict Root Access
Set PermitRootLogin to no to prohibit root from logging in with SSH. Then, elevate a user's privileges after logging in.
PermitRootLogin noRestrict Specific Users
You can restrict remote access to certain users and groups by specifying the AllowUsers, AllowGroups, DenyUsers, and DenyGroups settings, for example:
DenyUsers carol danAllowUsers alice bobFor more information about configuring users and groups, see Oracle Linux 8: Setting Up System Users and Authentication or Oracle Linux 9: Setting Up System Users and Authentication.
Set a Timeout Period
The ClientAliveInterval and ClientAliveCountMax settings cause the SSH client to time out automatically after a period of inactivity, for example:
# Disconnect client after 300 seconds of inactivityClientAliveCountMax 0ClientAliveInterval 300Disable Password Authentication
The PasswordAuthentication and PubkeyAuthentication settings define the method of authentication the SSH client implements for users: either with a password or with an SSH public key. By default, OpenSSH uses passwords for authentication. However, if you have configured key based authentication, which is more secure, you can optionally disable that functionality:
PasswordAuthentication noPubkeyAuthentication yes For more information, see the sshd_config(5) manual page.
