diff --git a/arch-install-notes.md b/arch-install-notes.md index 1874d58..c6f5900 100644 --- a/arch-install-notes.md +++ b/arch-install-notes.md @@ -20,26 +20,24 @@ - [x] Mount filesystems ### Base System Installation -- [ ] Update package database: `pacman -Sy` -- [ ] Install base system: `pacstrap /mnt base linux linux-firmware` -- [ ] Generate fstab: `genfstab -U /mnt >> /mnt/etc/fstab` -- [ ] Chroot: `arch-chroot /mnt` +- [x] Update package database: `pacman -Sy` +- [x] Install base system: `pacstrap /mnt base linux linux-firmware` +- [x] Generate fstab: `genfstab -U /mnt >> /mnt/etc/fstab` +- [x] Chroot: `arch-chroot /mnt` ### System Configuration -- [ ] Set timezone -- [ ] Configure locale -- [ ] Set hostname -- [ ] Configure network -- [ ] Set root password -- [ ] Install bootloader (GRUB) -- [ ] Create user account with sudo privileges +- [x] Set timezone +- [x] Configure locale +- [x] Set hostname +- [x] Configure network +- [x] Set root password +- [x] Install bootloader (GRUB) +- [x] Create user account with sudo privileges ## Post-Installation Priorities -- [ ] Install essential packages (git, base-devel) -- [ ] Set up AUR access -- [ ] Install Deskflow -- [ ] Install and configure yadm: `pacman -S yadm` -- [ ] Clone dotfiles: `yadm clone ` -- [ ] Install SSH server: `pacman -S openssh` -- [ ] Enable SSH service: `systemctl enable sshd` -- [ ] Configure firewall +- [x] Install SSH server: `pacman -S openssh` +- [x] Enable SSH service: `systemctl enable sshd` +- [x] Create user account with proper sudo access +- [x] Basic network configuration + +See [arch-linux-setup.md](arch-linux-setup.md) for comprehensive post-installation tasks. diff --git a/ssh-setup-guide.md b/ssh-setup-guide.md index 6a51f1d..2ed5015 100644 --- a/ssh-setup-guide.md +++ b/ssh-setup-guide.md 
@@ -105,15 +105,31 @@ Host thinkpad # Edit SSH config to disable password authentication sudo nano /etc/ssh/sshd_config -# Set these values: +# Basic hardening settings: # PasswordAuthentication no # PermitEmptyPasswords no # ChallengeResponseAuthentication no +# PermitRootLogin no +# Protocol 2 + +# Advanced hardening (optional): +# Port 2222 # Change from default port 22 +# MaxAuthTries 3 +# ClientAliveInterval 300 +# ClientAliveCountMax 2 +# AllowUsers your-username # Restrict to specific users # Restart SSH sudo systemctl restart sshd ``` +### Additional Security Steps: +- [ ] **Change SSH port**: Edit `Port 22` to custom port (e.g., `Port 2222`) +- [ ] **Install fail2ban**: `sudo pacman -S fail2ban && sudo systemctl enable fail2ban` +- [ ] **Configure firewall**: Update ufw rules for new SSH port if changed +- [ ] **Set up dynamic DNS**: For remote access (DuckDNS, No-IP, Cloudflare) +- [ ] **Consider VPN**: For secure remote access instead of exposing SSH + ## Setting Up Hostname Resolution ### Method 1: Using /etc/hosts (Simple, Local Only)
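Review bot: In the arch-install-notes.md hunk, under "Post-Installation Priorities", the unchecked `Configure firewall` item is deleted while `Enable SSH service: systemctl enable sshd` is marked done, so the notes now describe a host with sshd enabled and no open firewall task. The only replacement is the new link to arch-linux-setup.md, which is not part of this diff. Either keep `- [ ] Configure firewall` here or confirm that file carries it, along with the dropped git/base-devel, AUR, Deskflow and yadm items. The added `Create user account with proper sudo access` also duplicates the already-checked `Create user account with sudo privileges` under "System Configuration"; keep one.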
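Review bot: In the ssh-setup-guide.md hunk, the code block still goes straight from editing sshd_config to `sudo systemctl restart sshd`, and the added `AllowUsers your-username` and `Port 2222` lines raise the chance of a lockout if a value is wrong. Add a `sudo sshd -t` check before the restart and a comment to keep the current session open until a fresh login succeeds. `Protocol 2` has no effect on current OpenSSH, which only speaks protocol 2, so it can be dropped from the "Basic hardening" list. In "Additional Security Steps", `systemctl enable fail2ban` does not start the service (use `enable --now`), the fail2ban sshd jail has to match the port if `Port` is changed, and the ufw item assumes ufw is installed, which no visible step does.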