# SSH Configuration

The ssh configuration file is stored at: `/etc/ssh/sshd_config` also you want to create a file: `/etc/ssh/authorized_keys` to store the public keys that want to connect to the server

**/etc/ssh/sshd\_config**

Add the following to the end of the sshd\_config file to for the proper setup

```
Port [Portnumber]
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys /etc/ssh/authorized_keys
AllowTcpForwarding yes
AllowUsers [Names of the allowed users]
PasswordAuthentication no
LoginGraceTime 30
ClientAliveInterval 300
X11Forwarding no
```

**Portnumber:** Should be the portnumber you want to access your server on, it should not be 22 and should be above 1024

**AllowUsers:** Name of the users you want to allow login with

If you do not plan on acessing internal server ports over an ssh tunnel, such as [cockpit](https://cockpit-project.org/) you might want to remove the `AllowTcpForwarding` option

`sudo sshd -t` can be used to test out the configuration before reloading

`sudo systemctl reload sshd` actually reloads the service and the configuration