Tomster/Linux-Setup-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-22 09:31:34 -05:00
Code

Update SSH Hardening

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-07-01 12:36:36 -07:00 committed by GitHub
parent 563101601e
commit 55db69f9e2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
etc/ssh/sshd_config.d/10-custom.conf
View File

@ -1,11 +1,24 @@
X11Forwarding no # Encryption hardening
HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_ed25519_key
HostKeyAlgorithms ssh-ed25519 HostKeyAlgorithms ssh-ed25519
KexAlgorithms sntrup761x25519-sha512@openssh.com
PubkeyAcceptedKeyTypes ssh-ed25519 PubkeyAcceptedKeyTypes ssh-ed25519
Ciphers aes256-gcm@openssh.com Ciphers aes256-gcm@openssh.com
MACs -* MACs -*
# Disabling unused authentication methods
PasswordAuthentication no PasswordAuthentication no
PermitRootLogin no PermitRootLogin no
KerberosAuthentication no KerberosAuthentication no
GSSAPIAuthentication no GSSAPIAuthentication no
# Disabling unused features
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
# Displaying info
Banner /etc/issue.net Banner /etc/issue.net
PrintLastLog yes
PrintMotd yes