If you want to harden your ssh server, read at least [WayBack] sshd_config – How to configure the OpenSSH server | SSH.COM.
After that, use some SSH tools to check your config from the outside world. They work in a similar way to the TLS/SSL/HTTPS scans from SSL Server Test (Powered by Qualys SSL Labs) or these console-based scanners and documentation references:
- /bin/bash based SSL/TLS tester: testssl.sh
- GitHub – ssllabs/research
- GitHub – ssllabs/ssllabs-scan: A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
Similarly for SSH:
- GitHub – mozilla/ssh_scan: A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)
- GitHub – arthepsy/ssh-audit: SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
- Rebex SSH Check
Then read further on more in-depth SSH topics around key management:
- [WayBack] What is SSH Public Key Authentication – How to configure? | SSH.COM
- [WayBack] Configure SSH key based secure authentication | SSH.COM
- [WayBack] How to kill a Fortune 500? | SSH.COM
- [WayBack] SSH Key Management | SSH.COM
–jeroen