Configure OpenSSH Server if Necessary

ClientAliveInterval 

HostbasedAuthentication no

firewall-cmd --permanent --add-service=ssh

firewall-cmd --reload

Protocol 2

Compression 

PermitEmptyPasswords no

GSSAPIAuthentication no

KerberosAuthentication no

PubkeyAuthentication no

IgnoreRhosts yes

RhostsRSAAuthentication no

PermitRootLogin no

PermitRootLogin prohibit-password

AllowTcpForwarding no

IgnoreUserKnownHosts yes

X11Forwarding no

PermitUserEnvironment no

GSSAPIAuthentication yes

UsePAM yes

PubkeyAuthentication yes

StrictModes yes

Banner /etc/issue

Banner /etc/issue.net

X11Forwarding yes

PrintLastLog yes

RekeyLimit  

LogLevel INFO

LogLevel VERBOSE

MaxAuthTries 

MaxSessions 

MaxStartups 

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

CRYPTO_POLICY='-oKexAlgorithms=ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512'

MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1

UsePrivilegeSeparation 

SSH_USE_STRONG_RNG=32

firewall-cmd --permanent --add-rich-rule='rule family="ip_protocol" source address="netwk/mask" service name="ssh" accept'