Another infrastructural service that is security sensitive is a shell service. Whereas malicious individuals would be happy to get remote command execution (RCE) vulnerabilities on systems to exploit, shell services immediately provide an interactive environment. Of course, securing shell services is an important strategy for administrators.
One potential approach to harden a shell-service-providing server is to split the access for administrators and users.
The user-facing SSH server could possibly require just user ID and password authentication or key-based authentication. It'll be running on the default port
22 and perhaps enables chrooted SSH so that the regular users do not have ...