X2Go uses SSH as transport, so SSH hardening and session policy controls are essential.
- Enforce modern SSH ciphers and key algorithms.
- Use key-based auth and disable password auth where possible.
- Restrict X2Go SSH access to approved users/groups.
- Limit desktop session privileges on remote hosts.
- Restrict forwarded devices/features not required by policy.
- Log session start/stop and failed login attempts.