Secure SHell (SSH) protocol 500 SSH user/group access controls Configure sshd_config access control for allowed groups Configure sshd_config access control for allowed users Configure sshd_config access control for disallowed groups Configure sshd_config access control for disallowed users Enable root login over ssh Allowed ciphers chacha20-poly1305@openssh.com ChaCha20 Poly1305 3des-cbc 3DES CBC (weak) aes128-cbc AES 128 CBC aes192-cbc AES 192 CBC aes256-cbc AES 256 CBC aes128-ctr AES 128 CTR aes192-ctr AES 192 CTR aes256-ctr AES 256 CTR arcfour128 AC4 128 (broken) arcfour256 AC4 256 (broken) arcfour AC4 (broken) blowfish-cbc Blowfish CBC cast128-cbc CAST 128 CBC Don't validate the remote host name with DNS Don't allow unknown user to login with password Key exchange algorithms Local addresses SSH service should listen on ipv4 IP address to listen for incoming connections ipv6 IPv6 address to listen for incoming connections ipv4,ipv6 Log level QUIET stay silent FATAL log fatals only ERROR log errors and fatals only INFO default log level VERBOSE enable logging of failed login attempts Allowed message authentication algorithms Port for SSH service u32:1-65535 Numeric IP port u32