Move sshd config for prod server to correct location

CI_CD_PIPELINE_SETUP_GUIDE.md

@@ -1447,6 +1447,153 @@ sudo apt install -y \
     python3-certbot-nginx
 ```
 
+#### 10.5 Secure SSH Configuration
+
+**Critical Security Step**: After setting up SSH key authentication, you must disable password authentication and root login to secure your Production server.
+
+**Step 1: Edit SSH Configuration File**
+
+```bash
+# Open the SSH configuration file using nano
+sudo nano /etc/ssh/sshd_config
+```
+
+**Step 2: Disallow Root Logins**
+
+Find the line that says:
+```
+#PermitRootLogin prohibit-password
+```
+
+Change it to:
+```
+PermitRootLogin no
+```
+
+**Step 3: Disable Password Authentication**
+
+Find the line that says:
+```
+#PasswordAuthentication yes
+```
+
+Change it to:
+```
+PasswordAuthentication no
+```
+
+**Step 4: Configure Protocol Family (Optional)**
+
+If you only need IPv4 connections, find or add:
+```
+#AddressFamily any
+```
+
+Change it to:
+```
+AddressFamily inet
+```
+
+**Step 5: Save and Exit**
+
+- Press `Ctrl + X` to exit
+- Press `Y` to confirm saving
+- Press `Enter` to confirm the filename
+
+**Step 6: Test SSH Configuration**
+
+```bash
+# Test the SSH configuration for syntax errors
+sudo sshd -t
+```
+
+**Step 7: Restart SSH Service**
+
+For Ubuntu 22.10+ (socket-based activation):
+```bash
+sudo systemctl enable --now ssh.service
+```
+
+For other distributions:
+```bash
+sudo systemctl restart sshd
+```
+
+**Step 8: Verify SSH Access**
+
+**IMPORTANT**: Test SSH access from a new terminal window before closing your current session:
+
+```bash
+# Test Production Linode
+ssh PROD_DEPLOY_USER@YOUR_PRODUCTION_IP 'echo "SSH configuration test successful"'
+```
+
+**What these changes do:**
+
+- **`PermitRootLogin no`**: Completely disables root SSH access
+- **`PasswordAuthentication no`**: Disables password-based authentication
+- **`AddressFamily inet`**: Listens only on IPv4 (optional, for additional security)
+
+**Security Benefits:**
+
+- **No root access**: Eliminates the most common attack vector
+- **Key-only authentication**: Prevents brute force password attacks
+- **Protocol restriction**: Limits SSH to IPv4 only (if configured)
+
+**Emergency Access:**
+
+If you lose SSH access, you can still access the server through:
+- **Linode Console**: Use the Linode dashboard's console access
+- **Emergency mode**: Boot into single-user mode if needed
+
+**Verification Commands:**
+
+```bash
+# Check SSH configuration
+sudo grep -E "(PermitRootLogin|PasswordAuthentication|AddressFamily)" /etc/ssh/sshd_config
+
+# Check SSH service status
+sudo systemctl status ssh
+
+# Check SSH logs for any issues
+sudo journalctl -u ssh -f
+
+# Test SSH access from a new session
+ssh PROD_DEPLOY_USER@YOUR_PRODUCTION_IP 'whoami'
+```
+
+**Expected Output:**
+- `PermitRootLogin no`
+- `PasswordAuthentication no` 
+- `AddressFamily inet` (if configured)
+- SSH service should be "active (running)"
+- Test commands should return the deployment user name
+
+**Important Security Notes:**
+
+1. **Test before closing**: Always test SSH access from a new session before closing your current SSH connection
+2. **Keep backup**: You can restore the original configuration if needed
+3. **Monitor logs**: Check `/var/log/auth.log` for SSH activity and potential attacks
+4. **Regular updates**: Keep SSH and system packages updated for security patches
+
+**Alternative: Manual Configuration with Backup**
+
+If you prefer to manually edit the file with a backup:
+
+```bash
+# Create backup
+sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
+
+# Edit the file
+sudo nano /etc/ssh/sshd_config
+
+# Test configuration
+sudo sshd -t
+
+# Restart service
+sudo systemctl restart ssh
+```
+
 ### Step 11: Create Users
 
 #### 11.1 Create the PROD_SERVICE_USER User
@@ -1757,154 +1904,7 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
 
 ### Step 15: Configure Security
 
-#### 15.1 Secure SSH Configuration
-
-**Critical Security Step**: After setting up SSH key authentication, you must disable password authentication and root login to secure your Production server.
-
-**Step 1: Edit SSH Configuration File**
-
-```bash
-# Open the SSH configuration file using nano
-sudo nano /etc/ssh/sshd_config
-```
-
-**Step 2: Disallow Root Logins**
-
-Find the line that says:
-```
-#PermitRootLogin prohibit-password
-```
-
-Change it to:
-```
-PermitRootLogin no
-```
-
-**Step 3: Disable Password Authentication**
-
-Find the line that says:
-```
-#PasswordAuthentication yes
-```
-
-Change it to:
-```
-PasswordAuthentication no
-```
-
-**Step 4: Configure Protocol Family (Optional)**
-
-If you only need IPv4 connections, find or add:
-```
-#AddressFamily any
-```
-
-Change it to:
-```
-AddressFamily inet
-```
-
-**Step 5: Save and Exit**
-
-- Press `Ctrl + X` to exit
-- Press `Y` to confirm saving
-- Press `Enter` to confirm the filename
-
-**Step 6: Test SSH Configuration**
-
-```bash
-# Test the SSH configuration for syntax errors
-sudo sshd -t
-```
-
-**Step 7: Restart SSH Service**
-
-For Ubuntu 22.10+ (socket-based activation):
-```bash
-sudo systemctl enable --now ssh.service
-```
-
-For other distributions:
-```bash
-sudo systemctl restart sshd
-```
-
-**Step 8: Verify SSH Access**
-
-**IMPORTANT**: Test SSH access from a new terminal window before closing your current session:
-
-```bash
-# Test Production Linode
-ssh PROD_DEPLOY_USER@YOUR_PRODUCTION_IP 'echo "SSH configuration test successful"'
-```
-
-**What these changes do:**
-
-- **`PermitRootLogin no`**: Completely disables root SSH access
-- **`PasswordAuthentication no`**: Disables password-based authentication
-- **`AddressFamily inet`**: Listens only on IPv4 (optional, for additional security)
-
-**Security Benefits:**
-
-- **No root access**: Eliminates the most common attack vector
-- **Key-only authentication**: Prevents brute force password attacks
-- **Protocol restriction**: Limits SSH to IPv4 only (if configured)
-
-**Emergency Access:**
-
-If you lose SSH access, you can still access the server through:
-- **Linode Console**: Use the Linode dashboard's console access
-- **Emergency mode**: Boot into single-user mode if needed
-
-**Verification Commands:**
-
-```bash
-# Check SSH configuration
-sudo grep -E "(PermitRootLogin|PasswordAuthentication|AddressFamily)" /etc/ssh/sshd_config
-
-# Check SSH service status
-sudo systemctl status ssh
-
-# Check SSH logs for any issues
-sudo journalctl -u ssh -f
-
-# Test SSH access from a new session
-ssh PROD_DEPLOY_USER@YOUR_PRODUCTION_IP 'whoami'
-```
-
-**Expected Output:**
-- `PermitRootLogin no`
-- `PasswordAuthentication no` 
-- `AddressFamily inet` (if configured)
-- SSH service should be "active (running)"
-- Test commands should return the deployment user name
-
-**Important Security Notes:**
-
-1. **Test before closing**: Always test SSH access from a new session before closing your current SSH connection
-2. **Keep backup**: You can restore the original configuration if needed
-3. **Monitor logs**: Check `/var/log/auth.log` for SSH activity and potential attacks
-4. **Regular updates**: Keep SSH and system packages updated for security patches
-
-**Alternative: Manual Configuration with Backup**
-
-If you prefer to manually edit the file with a backup:
-
-```bash
-# Create backup
-sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
-
-# Edit the file
-sudo nano /etc/ssh/sshd_config
-
-# Test configuration
-sudo sshd -t
-
-# Restart service
-sudo systemctl restart ssh
-```
-
-#### 15.2 Configure Firewall
+#### 15.1 Configure Firewall
 
 ```bash
 sudo ufw --force enable