Ready-to-use /etc/ssh/sshd_config snippets sourced directly from the ssh-audit built-in policies. Secure Ubuntu, Debian, Rocky Linux, Amazon Linux, and OpenSSH servers — eliminate weak ciphers and weak MAC algorithms in minutes.
After applying these SSH hardening settings, use our free
online SSH audit scanner
to verify your server scores an A grade. The
SSH security checker
will confirm all weak algorithms have been removed and flag any remaining issues with exact
sshd_config fixes.
Also useful for SSH compliance audits, SSH encryption audits, and verifying
ssh-audit hardening guide results on live servers.