Mozilla has an excellent list of security guidelines for OpenSSH.
Copy an SSH public key to a remote machine
1 cat ~/.ssh/id_rsa.pub | ssh remoteuser@remotehost 'mkdir .ssh ; shat >> .ssh/authorized_keys'
will copy a public key to a remote machine, but most likely you want to use ssh-copy-id included with recent versions of OpenSSH.
Protect sshd from kernel OOM events
The kernel out-of-memory killer kills processes when a system runs out of RAM. Killing SSH typically does not help fix anything, and makes remotely-accessible systems inaccessible.
This is done by a few distributions, but when working on an arbitrary remote machine may be useful to run just in case.
Generate new SSH host key
Make sure /etc/ssh/sshd_config contains a path to the host key, e.g.:
Once it's there, create a new host key with:
sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key