====== SSH config ======
<code bash> vi /etc/ssh/sshd_config</code>
====== Key only access ======

===== Root =====
<code perl>
PermitRootLogin prohibit-password
</code>

===== User =====
<code perl>
PasswordAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
</code>
===== Specific to user =====
<code perl>
Match User alice,bob,john
PasswordAuthentication no
</code>
====== Deny User access ======
<code perl>
DenyUsers johnd admin nagios
</code>
====== Deny Groups access ======
<code perl>
DenyGroups wheel adm video apache
</code>
====== Deny User access ======
<code perl>
Deny Users johnd admin nagios
</code>
====== Disable IPv6 ======

<code perl>
Address Family inet
</code>
====== Set Modifications ======
<code bash> systemctl restart sshd</code>
====== References ======
  * https://tecadmin.net/deny-allow-access-for-users-and-groups-in-openssh/
  * https://www.xmodulo.com/how-to-force-ssh-login-via-public-key-authentication.html
  * https://blog.stephane-robert.info/docs/securiser/durcissement/ssh/