mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-09 03:31:33 -05:00
More SSH Hardening
Signed-off-by: Tommy <contact@tommytran.io>
parent
70f007a264
commit
a6a4f3085b
@ -8,26 +8,32 @@ MACs -*
|
|||||||
|
|
||||||
# Security hardening
|
# Security hardening
|
||||||
AuthorizedKeysFile .ssh/authorized_keys
|
AuthorizedKeysFile .ssh/authorized_keys
|
||||||
|
Compression no
|
||||||
|
DisableForwarding yes
|
||||||
LoginGraceTime 15s
|
LoginGraceTime 15s
|
||||||
MaxAuthTries 1
|
MaxAuthTries 1
|
||||||
|
PermitUserRC no
|
||||||
StrictModes yes
|
StrictModes yes
|
||||||
|
UseDNS no
|
||||||
|
|
||||||
|
# Use KeepAlive over SSH instead of with TCP to prevent spoofing
|
||||||
|
TCPKeepAlive no
|
||||||
|
ClientAliveInterval 15
|
||||||
|
ClientAliveCountMax 4
|
||||||
|
|
||||||
## Use PAM for session checks here but authentication is disabled below
|
## Use PAM for session checks here but authentication is disabled below
|
||||||
|
## Also, this prevents running sshd as non-root
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
|
|
||||||
# Disabling unused authentication methods
|
# Disabling unused authentication methods
|
||||||
ChallengeResponseAuthentication no
|
ChallengeResponseAuthentication no
|
||||||
|
GSSAPIAuthentication no
|
||||||
|
HostbasedAuthentication no
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
PermitRootLogin no
|
PermitRootLogin no
|
||||||
|
PermitEmptyPasswords no
|
||||||
KbdInteractiveAuthentication no
|
KbdInteractiveAuthentication no
|
||||||
KerberosAuthentication no
|
KerberosAuthentication no
|
||||||
GSSAPIAuthentication no
|
|
||||||
|
|
||||||
# Disabling unused features
|
|
||||||
AllowAgentForwarding no
|
|
||||||
AllowTcpForwarding no
|
|
||||||
PermitTunnel no
|
|
||||||
X11Forwarding no
|
|
||||||
|
|
||||||
# Displaying info
|
# Displaying info
|
||||||
Banner /etc/issue.net
|
Banner /etc/issue.net
|
||||||
|
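Review bot: the removed `# Disabling unused features` block took `PermitTunnel no` with it, and the added `DisableForwarding yes` near the top of the hardening section has no comment saying it is meant to replace all four removed lines (`AllowAgentForwarding`, `AllowTcpForwarding`, `PermitTunnel`, `X11Forwarding`). sshd_config(5) describes DisableForwarding as covering X11, ssh-agent, TCP and StreamLocal forwarding and does not name tunnel devices, so I would keep `PermitTunnel no` explicit rather than rely on its default, and add a one-line comment above `DisableForwarding yes` stating what it supersedes. Separately, the new keepalive comment could state the resulting timeout: `ClientAliveInterval 15` with `ClientAliveCountMax 4` drops an unresponsive client after about 60 seconds.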