Basic tips for securize your SSH service

Use SSL2 protocol: Older versions of SSH support two different and incompatible protocols: SSH1 and SSH2. SSH1 was the original protocol and was subject to security issues. SSH2 is more advanced and secure.
INFO level is the basic level that only records login activity of SSH users. In many situations; such as Incident Response; it is important to determine when a particular user was active on a system. The logout record can eliminate those users who disconnected; which helps narrow the field. VERBOSE level specifies that login and logout activity as well as the key fingerprint for any SSH key used for login will be logged. This information is important for SSH key management; especially in legacy environments. Set Log Level to INFO
Disable X11 forwarding unless there is an operational requirement to use X11 applications directly. There is a small risk that the remote X11 servers of users who are logged in via SSH with X11 forwarding could be compromised by other users on the X11 server. Note that even if X11 forwarding is disabled; users can always install their own forwarders. Set X11 Forwarding method to OFF
The Max authentications attempts parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number; error messages will be written to the syslog file detailing the login failure. Setting the Max authentications attempts parameter to a low number will minimize the risk of successful brute force attacks to the SSH server. While the recommended setting is 4; set the number based on site policy.
Setting IgnoreRhosts parameter forces users to enter a password when authenticating with ssh. Ensure it is enabled.
The Host based Authentication parameter specifies if authentication is allowed through trusted hosts via the user of .rhosts; or /etc/hosts.equiv; along with successful public key client host authentication. This option only applies to SSH Protocol Version 2. Ensure Host based Authentication is disabled
The Permit Root Login parameter specifies if the root user can log in using ssh. Disallowing root logins over SSH requires server admins to authenticate using their own individual account; then escalating to root via sudo or su. This in turn limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident.
Key exchange is any method in cryptography by which cryptographic keys are exchanged between two parties; allowing use of a cryptographic algorithm. If the sender and receiver wish to exchange encrypted messages; each must be equipped to encrypt messages to be sent and decrypt messages received Ensure only strong Key Exchange algorithms are used like diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1
The two options Client Alive Interval and Client Alive Count Max control the timeout of ssh sessions. When the Client Alive Interval variable is set; ssh sessions that have no activity for the specified length of time are terminated. When the Max. Client Alive variable is set; sshd will send client alive messages at every Client Alive Interval interval. When the number of consecutive client alive messages are sent with no response from the client; the ssh session is terminated. For example; if the Client Alive Interval is set to 15 seconds and the Max. Client Alive is set to 3; the client ssh session will be terminated after 45 seconds of idle time. Having no timeout value associated with a connection could allow an unauthorized user access to another user's ssh session (e.g. user walks away from their computer and doesn't lock the screen). Setting a timeout value at least reduces the risk of this happening. While the recommended setting is 300 seconds (5 minutes); set this timeout value based on site policy. The recommended setting for Max. Client Alive is 0. In this case; the client session will be terminated after 5 minutes of idle time and no keepalive messages will be sent.
The Login Grace Time parameter specifies the time allowed for successful authentication to the SSH server. The longer the Grace period is the more open unauthenticated connections can exist. Like other session controls in this session the Grace Period should be limited to appropriate organizational limits to ensure the service is available for needed access. Ensure the Login Grace Time is set to one minute or less
The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. Banners are used to warn connecting users of the particular site's policy regarding connection. Presenting a warning message prior to the normal user login may assist the prosecution of trespassers on the computer system. Ensure Using banner is configured
Use PAM Enables the Pluggable Authentication Module interface. If active this will enable PAM authentication using Challenge Response Authentication and Password Authentication in addition to PAM account and session module processing for all authentication types. When use PAM is active; PAM runs through account and session types properly. This is important if you want to restrict access to services based off of IP; time or other factors of the account. Additionally; you can make sure users inherit certain environment variables on login or disallow access to the server. Ensure SSH PAM is enabled
SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server; or servers to clients. It can be used for adding encryption to legacy applications; going through firewalls; and some system administrators and IT professionals use it for opening backdoors into the internal network from their home machines. Leaving port forwarding enabled can expose the organization to security risks and back-doors. SSH connections are protected with strong encryption. This makes their contents invisible to most deployed network monitoring and traffic filtering solutions. This invisibility carries considerable risk potential if it is used for malicious purposes such as data exfiltration. Cybercriminals or malware could exploit SSH to hide their unauthorized communications; or to exfiltrate stolen data from the target network. Ensure Allow TCP Forwarding is set to OFF
The Max concurrent unauthenticated connections parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. To protect a system from denial of service due to a large number of pending authentication connection attempts; use the rate limiting function of Max concurrent unauthenticated connections to protect availability of sshd logins and prevent overwhelming the daemon. Ensure SSH Max concurrent unauthenticated connections is limited
The Max Sessions parameter specifies the maximum number of open sessions permitted from a given connection. To protect a system from denial of service due to a large number of concurrent sessions; use the rate limiting function of Max Sessions to protect availability of sshd logins and prevent overwhelming the daemon.