How to strengthen SSH

Disable SSH 1 in /etc/ssh/sshd_config

# "Protocol 1,2" would still accept the obsolete version 1; allow version 2 only
Protocol 2

Use only RSA 2048-bit keys

ssh-keygen -t rsa -b 2048

In particular, RSA 2048-bit SSH host keys

ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key

Enable only the RSA host key in /etc/ssh/sshd_config

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

And move the non-RSA host key files out of the way so sshd cannot pick them up

cd /etc/ssh
for x in ssh_host_key ssh_host_dsa_key; do
  mv "$x" "$x.disabled"; mv "$x.pub" "$x.pub.disabled"
done

Reason: man ssh-keygen says that RSA keys have the minimum size of 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
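The two sshd_config changes above are easy to get wrong (a leftover "Protocol 1,2" or an uncommented DSA HostKey line silently undoes the hardening). The following POSIX shell script, an added example and not part of the original post, audits a config file for exactly those two settings. It runs against constructed sample configs written to temporary files, so it never touches a real /etc/ssh/sshd_config; point it at the real file by passing its path to audit instead.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings the post changes.
# Only the first uncommented "Protocol" line counts, since sshd uses the
# first occurrence of a keyword.

# Print the effective Protocol value, or "unset" when no line sets it.
effective_protocol() {
  awk 'tolower($1)=="protocol" { print $2; found=1; exit }
       END { if (!found) print "unset" }' "$1"
}

# Return 0 when SSH protocol 1 is disabled (exactly "Protocol 2").
# "1,2", "2,1", "1" and unset all fail: old sshd defaults allowed version 1.
protocol1_disabled() {
  case "$(effective_protocol "$1")" in
    2) return 0 ;;
    *) return 1 ;;
  esac
}

# List the active (uncommented) HostKey paths, one per line.
active_host_keys() {
  awk 'tolower($1)=="hostkey" { print $2 }' "$1"
}

# Return 0 when at least one HostKey is configured and every one of them
# is an RSA key; a protocol-1 or DSA key still enabled fails the check.
only_rsa_host_keys() {
  keys=$(active_host_keys "$1")
  [ -n "$keys" ] || return 1            # no HostKey line: sshd falls back to its defaults
  printf '%s\n' "$keys" | grep -qv '_rsa_key$' && return 1
  return 0
}

# Human-readable summary for one config file.
audit() {
  if protocol1_disabled "$1"; then echo "Protocol: ok"
  else echo "Protocol: SSH 1 still enabled ($(effective_protocol "$1"))"; fi
  if only_rsa_host_keys "$1"; then echo "HostKey: ok"
  else echo "HostKey: non-RSA host key enabled"; fi
}

# Constructed sample configs (not taken from any real host).
WEAK_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
Protocol 1,2
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
EOF

HARD_CFG=$(mktemp)
cat >"$HARD_CFG" <<'EOF'
Protocol 2
#HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
EOF
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT

echo "== before hardening =="; audit "$WEAK_CFG"
echo "== after hardening ==";  audit "$HARD_CFG"
```

The script checks only the configuration, not the key files themselves; the bit length of an existing host key can be read with ssh-keygen -l -f on the key file, which is the quickest way to confirm that a regenerated 2048-bit RSA key is actually the one in use.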
