From 3be6ad08179c72932db1ba167ac247999f37c54c Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Mon, 1 Jul 2024 14:03:54 -0700
Subject: [PATCH] Even more SSHD Hardening

Signed-off-by: Tommy <contact@tommytran.io>
---
 etc/ssh/sshd_config.d/10-custom.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/ssh/sshd_config.d/10-custom.conf b/etc/ssh/sshd_config.d/10-custom.conf
index 612614a..ccae084 100644
--- a/etc/ssh/sshd_config.d/10-custom.conf
+++ b/etc/ssh/sshd_config.d/10-custom.conf
@@ -7,11 +7,13 @@ Ciphers aes256-gcm@openssh.com
 MACs -*
 
 # Security hardening
+AuthenticationMethods publickey
 AuthorizedKeysFile .ssh/authorized_keys
 Compression no
 DisableForwarding yes
 LoginGraceTime 15s
 MaxAuthTries 1
+PermitUserEnvironment no
 PermitUserRC no
 StrictModes yes
 UseDNS no