SSH Config Generator
Generate a secure sshd_config for your SSH server. Choose hardened, balanced, or legacy profiles.
sshd_config — Balanced (Recommended)
# QCecuring Balanced SSH Config # Generated for Linux — Balanced profile Protocol 2 # Authentication PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes MaxAuthTries 5 LoginGraceTime 60 # Key Exchange KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256 HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa PubkeyAcceptedAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa # Ciphers Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr # MACs MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 # Logging LogLevel INFO # Network ClientAliveInterval 600 ClientAliveCountMax 3 MaxSessions 10 TCPKeepAlive yes # Security AllowAgentForwarding yes AllowTcpForwarding local X11Forwarding no
SSH Server Configuration Generator
Generate a secure sshd_config for your SSH server. Choose from three security profiles: Hardened (modern clients only, maximum security), Balanced (recommended for most servers), or Legacy (maximum compatibility with older clients).
What this configures
- Key exchange algorithms (KexAlgorithms)
- Host key algorithms and accepted public key types
- Symmetric ciphers and MAC algorithms
- Authentication methods (public key, password)
- Session limits, forwarding, and logging
Generated entirely in your browser. Always test in a staging environment before deploying.
Ready to Secure Your Enterprise?
Experience how our cryptographic solutions simplify, centralize, and automate identity management for your entire organization.