To secure a Linux server's SSH service, there are a few options, which will be discussed on this page.

with key-based authentication, you can follow these steps:

  Generate a public/private key pair on your local machine:
      Open a terminal window and enter the following command: ssh-keygen
      Follow the prompts to specify the location to save the key pair, and enter a passphrase for the private key (optional).
      This will generate a public key and a private key in the specified location. The public key is stored in a file with the .pub extension, and the private key is stored in a file with no extension.

  Copy the public key to the server:
      Enter the following command to copy the public key to the server, replacing user with the username on the server and server_hostname_or_IP with the hostname or IP address of the server:
      ssh-copy-id user@server_hostname_or_IP
      You will be prompted to enter the password for the user on the server.
      This will copy the public key to the server and append it to the authorized_keys file in the ~/.ssh directory of the user's home directory on the server.

  Disable password-based authentication:
      Edit the /etc/ssh/sshd_config file on the server and set the PasswordAuthentication option to no. This will disable password-based authentication for the SSH service on the server.
      Save the file and restart the SSH service by running the following command: systemctl restart ssh

  Test the key-based authentication:
      From your local machine, try connecting to the server using the ssh command and the private key file:
      ssh -i /path/to/private_key user@server_hostname_or_IP
      If the connection is successful, you have successfully set up key-based authentication for the server's SSH service.