From 55db69f9e26dcf3ef18c0c7a1dd346c059a49de9 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Mon, 1 Jul 2024 12:36:36 -0700
Subject: [PATCH] Update SSH Hardening

Signed-off-by: Tommy <contact@tommytran.io>
---
 etc/ssh/sshd_config.d/10-custom.conf | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/etc/ssh/sshd_config.d/10-custom.conf b/etc/ssh/sshd_config.d/10-custom.conf
index c2c399b..d28aba5 100644
--- a/etc/ssh/sshd_config.d/10-custom.conf
+++ b/etc/ssh/sshd_config.d/10-custom.conf
@@ -1,11 +1,24 @@
-X11Forwarding no
+# Encryption hardening
 HostKey /etc/ssh/ssh_host_ed25519_key
 HostKeyAlgorithms ssh-ed25519
+KexAlgorithms sntrup761x25519-sha512@openssh.com
 PubkeyAcceptedKeyTypes ssh-ed25519
 Ciphers aes256-gcm@openssh.com
 MACs -*
+
+# Disabling unused authentication methods
 PasswordAuthentication no
 PermitRootLogin no
 KerberosAuthentication no
 GSSAPIAuthentication no
-Banner /etc/issue.net
\ No newline at end of file
+
+# Disabling unused features
+AllowAgentForwarding no
+AllowTcpForwarding no
+PermitTunnel no
+X11Forwarding no
+
+# Displaying info
+Banner /etc/issue.net
+PrintLastLog yes
+PrintMotd yes