1. # Configure sshd by editing /etc/ssh/sshd_config to reduce the risk of break-ins that exploit weak passwords and weak cryptographic mechanisms.
    # Edit /etc/ssh/sshd_config to make sure that:
    • # the use of the ssh protocol version 1 is disabled and its hostkeys are not specified
    • # password authentication is disabled and publickey authentication is enabled
    • # the list of block ciphers and mac algorithms that can be used is updated

    # You can accomplish this if you specify the following lines in your /etc/ssh/sshd_config:
     # Accept SSH protocol version 2 only; protocol 1 stays disabled.
     Protocol 2
     # Left commented out so that the protocol-1 host key is not specified.
     # HostKey /etc/ssh/ssh_host_key
     # Reject password logins, so a weak or guessed password cannot be used to get in.
     # NOTE(review): keyboard-interactive (PAM) logins are governed by a separate
     # directive; confirm that path is closed as well if passwords must be ruled out.
     PasswordAuthentication no
     # Allow key-based logins. With passwords off, install and test an authorized key
     # for each account before restarting sshd, or the account is locked out.
     PubkeyAuthentication yes
     # NOTE(review): this list holds only CBC-mode ciphers plus arcfour (RC4). These are
     # legacy algorithms and newer OpenSSH releases no longer offer several of them.
     # Compare against `ssh -Q cipher` on the target host and prefer the CTR or AEAD
     # ciphers it reports (e.g. aes256-ctr, aes256-gcm@openssh.com,
     # chacha20-poly1305@openssh.com). Validate the file with `sshd -t` before restarting.
     Ciphers aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
     # NOTE(review): all three MACs are SHA-1 or RIPEMD-160 based, and hmac-sha1-96
     # truncates the tag to 96 bits. Compare against `ssh -Q mac` and prefer the
     # hmac-sha2-* variants where the installed sshd supports them.
     MACs hmac-ripemd160,hmac-sha1,hmac-sha1-96
    
    # Paolo Falcioni kindly provided a ready-to-use copy of /etc/ssh/sshd_config which already contains this fine-tuning