Many people use default configs, keys, moduli, etc. from their hosters or distributions which is not a good idea. So I created this guide to secure your SSH service. It's not directed to PHP performance, but helps you to improve the security of your servers.
What we do:
- block all ports for incoming traffic
- use knockd to open the SSH port only when it's needed
- create secure keys and moduli
- restrict key exchange protocols
- restrict ciphers used to encrypt the data
- restrict message authentication codes used to ensure integrity
- restrict openssh to those features you really need
- use keys files for client authentication