From 53340db0eabe8e5bd24d37015ff34328d0941015 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Tue, 10 Oct 2023 12:23:50 -0700
Subject: [PATCH] Update SSH hardening
---
 GCP-Debian-11.sh | 4 +---
 RHEL-Server-9.sh | 11 +----------
 Ubuntu-22.04-Server.sh | 11 +----------
 3 files changed, 3 insertions(+), 23 deletions(-)
diff --git a/GCP-Debian-11.sh b/GCP-Debian-11.sh
index 8c83d68..acd4c78 100644
--- a/GCP-Debian-11.sh
+++ b/GCP-Debian-11.sh
@@ -35,9 +35,7 @@ sudo ufw allow OpenSSH
 echo 'GSSAPIAuthentication no
 VerifyHostKeyDNS yes' | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
 sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
-echo 'PasswordAuthentication no
-KerberosAuthentication no
-GSSAPIAuthentication no' | sudo tee /etc/ssh/sshd_config.d/10-custom.conf
+sudo curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/sshd_config/10-custom.conf -o /etc/ssh/sshd_config.d/10-custom.conf
 sudo chmod 644 /etc/ssh/sshd_config.d/10-custom.conf
 sudo mkdir -p /etc/systemd/system/ssh.service.d
 sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/ssh.service.d/override.conf
diff --git a/RHEL-Server-9.sh b/RHEL-Server-9.sh
index 1be480b..3ea8a58 100644
--- a/RHEL-Server-9.sh
+++ b/RHEL-Server-9.sh
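Review bot: The added `sudo curl … -o /etc/ssh/sshd_config.d/10-custom.conf` line in GCP-Debian-11.sh installs the sshd policy directly from the mutable `main` branch with no `--fail`, no pinned revision and no integrity check, so an HTTP error body, a truncated download or a later upstream edit becomes the live sshd drop-in; the same line is added in the RHEL-Server-9.sh and Ubuntu-22.04-Server.sh hunks. The URL path reads `etc/ssh/sshd_config/10-custom.conf` while the destination directory is `sshd_config.d`; if the repository directory is really named `sshd_config.d` (not visible here), the request returns a 404 page that curl, lacking `--fail`, writes out as configuration with exit status 0. I would download unprivileged to a temporary file with `--fail`, pin the URL to a commit, compare a recorded SHA-256, install with mode 644 and run `sshd -t` before anything restarts the daemon, as in the excerpt below; whether the script restarts sshd later lies outside the hunk. For this GCP script the swap also changes policy: the removed block set only three options, whereas the shared file presumably carries the ed25519-only `HostKeyAlgorithms`/`PubkeyAcceptedKeyTypes`, cipher and `PermitRootLogin no` settings removed from the other two scripts, which should be confirmed against how login keys are provisioned on these instances.

```shell
# … unchanged: ssh_config.d/10-custom.conf written via echo | tee, chmod 644 …
# Fetch without root; <PINNED_COMMIT_SHA> and <EXPECTED_SHA256> are placeholders
# for the reviewed commit and the digest of the file at that commit.
tmp_conf=$(mktemp) || exit 1
curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
  "https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/<PINNED_COMMIT_SHA>/etc/ssh/sshd_config/10-custom.conf" \
  -o "$tmp_conf" || { rm -f -- "$tmp_conf"; exit 1; }
printf '%s  %s\n' '<EXPECTED_SHA256>' "$tmp_conf" | sha256sum --check --quiet \
  || { rm -f -- "$tmp_conf"; exit 1; }
# install sets owner and mode in one step, replacing the separate chmod 644
sudo install -m 644 -- "$tmp_conf" /etc/ssh/sshd_config.d/10-custom.conf
rm -f -- "$tmp_conf"
# Refuse to continue with a drop-in that sshd cannot parse
sudo sshd -t || exit 1
# … unchanged: ssh.service.d override download …
```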
@@ -34,16 +34,7 @@ mkdir -p /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
 echo 'GSSAPIAuthentication no
 VerifyHostKeyDNS yes' | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
 sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
-echo 'HostKey /etc/ssh/ssh_host_ed25519_key
-HostKeyAlgorithms ssh-ed25519
-#KexAlgorithms sntrup761x25519-sha512@openssh.com
-PubkeyAcceptedKeyTypes ssh-ed25519
-Ciphers aes256-gcm@openssh.com
-MACs -*
-PasswordAuthentication no
-PermitRootLogin no
-KerberosAuthentication no
-GSSAPIAuthentication no' | sudo tee /etc/ssh/sshd_config.d/10-custom.conf
+sudo curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/sshd_config/10-custom.conf -o /etc/ssh/sshd_config.d/10-custom.conf
 sudo chmod 644 /etc/ssh/sshd_config.d/10-custom.conf
 sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/sshd.service.d/override.conf
 sudo systemctl daemon-reload
diff --git a/Ubuntu-22.04-Server.sh b/Ubuntu-22.04-Server.sh
index e785ec5..b09789b 100644
--- a/Ubuntu-22.04-Server.sh
+++ b/Ubuntu-22.04-Server.sh
@@ -45,16 +45,7 @@ sudo ufw allow OpenSSH
 echo 'GSSAPIAuthentication no
 VerifyHostKeyDNS yes' | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
 sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
-echo 'HostKey /etc/ssh/ssh_host_ed25519_key
-HostKeyAlgorithms ssh-ed25519
-#KexAlgorithms sntrup761x25519-sha512@openssh.com
-PubkeyAcceptedKeyTypes ssh-ed25519
-Ciphers aes256-gcm@openssh.com
-MACs -*
-PasswordAuthentication no
-PermitRootLogin no
-KerberosAuthentication no
-GSSAPIAuthentication no' | sudo tee /etc/ssh/sshd_config.d/10-custom.conf
+sudo curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/sshd_config/10-custom.conf -o /etc/ssh/sshd_config.d/10-custom.conf
 sudo chmod 644 /etc/ssh/sshd_config.d/10-custom.conf
 sudo mkdir -p /etc/systemd/system/ssh.service.d
 sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/ssh.service.d/override.conf