Comment by sshine

I also harden my sshd_config.

I mainly disabled all legacy cryptography and types of tunnelling/forwarding that I don't rely on:

I also only expose SSH on public interfaces on one machine; all other machines have SSH over VPN.