SSH access hygiene
SSH hardening should reduce access risk without causing lockout.
A good SSH setup has named users, known keys, tested sudo access, a deliberate root-login policy, clear recovery access, and handover notes. The dangerous approach is changing config before proving the replacement path works.
KeysKnown owners
SudoNamed access
RecoveryNo lockout
SSH is often the most sensitive operational door on a VPS. If old agency keys, shared root access, weak password login, or undocumented sudo users remain in place, the server may be technically online but operationally risky. SSH hardening is not just a command. It is an access control process.
Official source note: Ubuntu documents OpenSSH server configuration and explains how SSH server settings are controlled on Ubuntu: Ubuntu OpenSSH server documentation.
SSH hardening flow
01Inventory users, keys, sudo rights, and recovery02Apply root-login and password policy after testing03Record the final access model for future handover
