mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-09 03:31:33 -05:00
Update SSH Hardening
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
563101601e
commit
55db69f9e2
@ -1,11 +1,24 @@
|
|||||||
X11Forwarding no
|
# Encryption hardening
|
||||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||||
HostKeyAlgorithms ssh-ed25519
|
HostKeyAlgorithms ssh-ed25519
|
||||||
|
KexAlgorithms sntrup761x25519-sha512@openssh.com
|
||||||
PubkeyAcceptedKeyTypes ssh-ed25519
|
PubkeyAcceptedKeyTypes ssh-ed25519
|
||||||
Ciphers aes256-gcm@openssh.com
|
Ciphers aes256-gcm@openssh.com
|
||||||
MACs -*
|
MACs -*
|
||||||
|
|
||||||
|
# Disabling unused authentication methods
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
PermitRootLogin no
|
PermitRootLogin no
|
||||||
KerberosAuthentication no
|
KerberosAuthentication no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
|
|
||||||
|
# Disabling unused features
|
||||||
|
AllowAgentForwarding no
|
||||||
|
AllowTcpForwarding no
|
||||||
|
PermitTunnel no
|
||||||
|
X11Forwarding no
|
||||||
|
|
||||||
|
# Displaying info
|
||||||
Banner /etc/issue.net
|
Banner /etc/issue.net
|
||||||
|
PrintLastLog yes
|
||||||
|
PrintMotd yes
|
||||||
|
Loading…
Reference in New Issue
Block a user