A stock Ubuntu 14.04 installation comes with SSH configured only moderately securely. To get no findings from vulnerability scanners such as Nessus, you need to tighten the settings further. A nice side-effect is that attackers usually use outdated systems, so they are not even able to get as far as the authentication step.
Disable Password authentication
Passwords are a weak way to authenticate. Before turning them off, make sure that logging in as each of your users with a private key works. Once that is confirmed, open /etc/ssh/sshd_config and set
Choose strong MACs, Ciphers and Key-Exchange-Algorithms only
At the end of /etc/ssh/sshd_config append the following configuration parameters:
MACs hmac-sha2-512,hmac-sha2-256
Ciphers aes256-ctr
KexAlgorithms ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
Applying the configuration
Once this is done, restart the SSH daemon by running the service ssh restart command.
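To verify that a config file actually carries the settings described above before restarting the daemon, here is a small audit script. It is an added example written for this post, not the post's own code or anything shipped with OpenSSH; it assumes bash and awk, that each directive is written as a whitespace-separated keyword and value, and that the file has no Match blocks (inside a Match block the first-match rule is conditional). The function names check_sshd_config and sshd_value are mine.

```bash
#!/usr/bin/env bash
# Audit an sshd_config against the settings recommended in this post.
# Added example, not from the original post. Assumes bash + awk and a
# sshd_config without Match blocks.

# sshd_value FILE KEY: print the effective value of KEY in FILE.
# sshd uses the first occurrence of a keyword, so a later duplicate does
# not override an earlier one; comments and blank lines are skipped.
# Prints nothing if the keyword is not set at all.
sshd_value() {
    local file="$1" key="$2"
    awk -v k="$key" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blank lines
        tolower($1) == tolower(k) { print $2; exit }    # keywords are case-insensitive; first match wins
    ' "$file"
}

# check_sshd_config FILE: print one FINDING line per setting that deviates
# from the post's recommendation; return 0 if everything matches, 1 otherwise.
check_sshd_config() {
    local file="$1" rc=0 key want got
    # The expected values mirror the directives given in the post.
    while IFS='=' read -r key want; do
        got="$(sshd_value "$file" "$key")"
        if [ "$got" != "$want" ]; then
            printf 'FINDING: %s is "%s", expected "%s"\n' "$key" "${got:-<unset>}" "$want"
            rc=1
        fi
    done <<'EOF'
PasswordAuthentication=no
MACs=hmac-sha2-512,hmac-sha2-256
Ciphers=aes256-ctr
KexAlgorithms=ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
EOF
    return "$rc"
}

# Usage: ./check_sshd.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then
    check_sshd_config "$1"
fi
```

Run it against /etc/ssh/sshd_config after editing; a clean run prints nothing and exits 0. Because the script only reads the file, it is also handy for comparing the edited file with the running configuration before `service ssh restart`; `sshd -t` additionally checks the file for syntax errors, and keeping your current SSH session open while the restarted daemon is tested from a second session avoids locking yourself out.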