Best practices using ssh Disable SSHprotocol 1 In the Protocol section of /etc/ssh/sshd_config, enable ONLY protocol 2. Protocol 1 isn't secure and there is a risk of a man in the middle attack. In order to test SSH deployment, tools like the Cisco content engine and Ettercap (http://ettercap.sourceforge.net) can be used to simulate man in the middle attacks. Only enable PubkeyAuthentication In the Authentication section of /etc/ssh/sshd_config, only enable PubkeyAuthentication. This option grants access only to an user who has a RSA or DSA private certificate in his HOME/.ssh directory and the correspondent public certificate in server's HOME/.ssh/ directory. If either certificate doesn't exist the user can't login.