From 70f007a26447428bf79705b6140d6e367e6061c2 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Mon, 1 Jul 2024 12:57:20 -0700
Subject: [PATCH] More hardening options
Signed-off-by: Tommy
---
 etc/ssh/sshd_config.d/10-custom.conf | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/etc/ssh/sshd_config.d/10-custom.conf b/etc/ssh/sshd_config.d/10-custom.conf
index d28aba5..d250158 100644
--- a/etc/ssh/sshd_config.d/10-custom.conf
+++ b/etc/ssh/sshd_config.d/10-custom.conf
@@ -6,9 +6,20 @@ PubkeyAcceptedKeyTypes ssh-ed25519
 Ciphers aes256-gcm@openssh.com
 MACs -*
+# Security hardening
+AuthorizedKeysFile .ssh/authorized_keys
+LoginGraceTime 15s
+MaxAuthTries 1
+StrictModes yes
+
+## Use PAM for session checks here but authentication is disabled below
+UsePAM yes
+
 # Disabling unused authentication methods
+ChallengeResponseAuthentication no
 PasswordAuthentication no
 PermitRootLogin no
+KbdInteractiveAuthentication no
 KerberosAuthentication no
 GSSAPIAuthentication no
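Review bot: `MaxAuthTries 1` leaves no margin for a client that offers more than one public key, because each rejected key counts as a failed attempt. A user whose agent presents a non-matching key first is therefore disconnected before the right key is tried, and with `PubkeyAcceptedKeyTypes ssh-ed25519` in force that likely includes any non-ed25519 key. Either relax it slightly, e.g. `MaxAuthTries 2`, or state the client requirement beside it with a comment such as `# Clients must offer exactly one key (IdentitiesOnly yes + IdentityFile)`. `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication` in current OpenSSH, so setting both is redundant unless older sshd versions also read this file; a one-line comment saying which case applies would help. Because sshd keeps the first value it reads for each keyword, and the directives before line 6 and any other drop-ins are not visible here, confirm the effective settings with `sshd -T` after deployment.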