Chapter 14: Harden sshd_config with Claude Code
In this chapter, you'll learn how to use Claude Code to review and harden sshd_config, apply modern security recommendations, and safely restart SSH without locking yourself out.
In the previous chapter, we learned how to review Nginx and Apache configuration changes before reloading the service.
In this chapter, we'll follow the same approach with sshd_config, but SSH requires extra caution.
If you make a mistake while hardening SSH, you could lock yourself out of the server completely. Unlike Nginx or Apache, where a bad configuration usually causes a reload to fail safely, but a broken SSH configuration can prevent new connections after a restart.
If that happens, the only way back in may be through the server's console or recovery access.
In this chapter, you'll learn how to create a safety net before making SSH changes, which hardening settings are actually worth applying, and how to use Claude Code as a second reviewer to help catch potential problems before restarting the SSH service.