I’ve recently purchased the vero 4K and I’m very happy of it .
I ran some audit tool and found that sshd default configuration could be further hardened.
Root login should be disabled (though root is deactivated)
X11 forwarding should be disabled (though X11 is not installed)
Pre-authentication process should be further hardened
According to man page
sandboxoption further restrict syscalls on pre-authentication process.
Disable DSA Keys
These keys are considered weak and are deprecated by OpenSSH Team (and even disabled at run time)
Use the strongest cypher in priority
See References since there are a lot of lines to add
Only allow osmc user to log in
I know i’m a bit picky, but since osmc is part of IOT, its security should be examplary (and compliant with security audit tool).