1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-21 17:11:33 -05:00

More SSH Hardening

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-07-01 13:42:21 -07:00 committed by GitHub
parent 70f007a264
commit a6a4f3085b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -8,26 +8,32 @@ MACs -*
# Security hardening
AuthorizedKeysFile .ssh/authorized_keys
Compression no
DisableForwarding yes
LoginGraceTime 15s
MaxAuthTries 1
PermitUserRC no
StrictModes yes
UseDNS no
# Use KeepAlive over SSH instead of with TCP to prevent spoofing
TCPKeepAlive no
ClientAliveInterval 15
ClientAliveCountMax 4
## Use PAM for session checks here but authentication is disabled below
## Also, this prevents running sshd as non-root
UsePAM yes
# Disabling unused authentication methods
ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
# Disabling unused features
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
# Displaying info
Banner /etc/issue.net