From 55db69f9e26dcf3ef18c0c7a1dd346c059a49de9 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Mon, 1 Jul 2024 12:36:36 -0700
Subject: [PATCH] Update SSH Hardening

Signed-off-by: Tommy
---
 etc/ssh/sshd_config.d/10-custom.conf | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/etc/ssh/sshd_config.d/10-custom.conf b/etc/ssh/sshd_config.d/10-custom.conf
index c2c399b..d28aba5 100644
--- a/etc/ssh/sshd_config.d/10-custom.conf
+++ b/etc/ssh/sshd_config.d/10-custom.conf
@@ -1,11 +1,24 @@
-X11Forwarding no
+# Encryption hardening
 HostKey /etc/ssh/ssh_host_ed25519_key
 HostKeyAlgorithms ssh-ed25519
+KexAlgorithms sntrup761x25519-sha512@openssh.com
 PubkeyAcceptedKeyTypes ssh-ed25519
 Ciphers aes256-gcm@openssh.com
 MACs -*
+
+# Disabling unused authentication methods
 PasswordAuthentication no
 PermitRootLogin no
 KerberosAuthentication no
 GSSAPIAuthentication no
-Banner /etc/issue.net
\ No newline at end of file
+
+# Disabling unused features
+AllowAgentForwarding no
+AllowTcpForwarding no
+PermitTunnel no
+X11Forwarding no
+
+# Displaying info
+Banner /etc/issue.net
+PrintLastLog yes
+PrintMotd yes
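Review bot: The "Disabling unused features" block leaves Unix-domain socket forwarding enabled, because `AllowTcpForwarding no` does not cover it and `AllowStreamLocalForwarding` defaults to `yes`; add `AllowStreamLocalForwarding no` next to the other four lines. The sshd_config manual also notes that disabling forwarding is only effective when users are denied shell access, so a comment such as `# forwarding limits do not constrain users who have a shell` would set expectations correctly. Separately, the new `KexAlgorithms` line pins a single algorithm, so any client without `sntrup761x25519-sha512@openssh.com` will fail key exchange. It is worth adding a comment stating the minimum client version this file assumes, then running `sshd -t` and testing a fresh login from a second session before reloading the daemon.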