SSH Hardening
If you use Linux you most likely use SSH. SSH allows you to make connections without a password.

PubkeyAuthentication yes

PasswordAuthentication no

Some user accounts are created without passwords, administrators of linux machines can create standard users without passwords. SSH does not prevent empty passwords from being allowed.
PermitEmptyPasswords no

PermitRootLogin no

Port 12345

AllowUsers user1 user2
AllowGroups group1 group2

X11 Forwarding allows anyone to tunnel GUI applications with SSH. You probably dont want that.
X11Forwarding no

GatewayPorts no

PermitUserEnvironment no

Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms [email protected],ecdh-sha2-nistp521
MACs [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
KexAlgorithms [email protected],ecdh-sha2-nistp521
MACs [email protected],hmac-sha2-512****
You can test support algorithims using nmap
nmap -sV --script ssh2-enum-algos -p PORT TARGET

rm /etc/ssh/ssh_host_*
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""

#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/
mv /etc/ssh/ /etc/ssh/moduli

Protocol 2
Copy link
On this page
Enable passwordless Authentication
Disable Password Authentication
Disable Empty Passwords
Disable Root Login
Defult SSH Port
Allow Users and Groups**
Disable X11 Forwarding
Disable Gateway Ports
Disable PermitUserEnvironment
Disable Weak Cryptographic Algorithims
Regenerate Host Keys
Disable Host Keys
Disable Small Diffie-Hellman Key Sizes
Disable SSHv1