mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-09 03:31:33 -05:00

More SSH Hardening

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2024-07-01 13:42:21 -07:00 committed by GitHub
parent 70f007a264
commit a6a4f3085b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -8,26 +8,32 @@ MACs -*
# Security hardening # Security hardening
AuthorizedKeysFile .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys
Compression no
DisableForwarding yes
LoginGraceTime 15s LoginGraceTime 15s
MaxAuthTries 1 MaxAuthTries 1
PermitUserRC no
StrictModes yes StrictModes yes
UseDNS no
# Use KeepAlive over SSH instead of with TCP to prevent spoofing
TCPKeepAlive no
ClientAliveInterval 15
ClientAliveCountMax 4
## Use PAM for session checks here but authentication is disabled below ## Use PAM for session checks here but authentication is disabled below
## Also, this prevents running sshd as non-root
UsePAM yes UsePAM yes
# Disabling unused authentication methods # Disabling unused authentication methods
ChallengeResponseAuthentication no ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
PasswordAuthentication no PasswordAuthentication no
PermitRootLogin no PermitRootLogin no
PermitEmptyPasswords no
KbdInteractiveAuthentication no KbdInteractiveAuthentication no
KerberosAuthentication no KerberosAuthentication no
GSSAPIAuthentication no
# Disabling unused features
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
# Displaying info # Displaying info
Banner /etc/issue.net Banner /etc/issue.net
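Review bot: `PermitTunnel no` appears to be dropped together with the rest of the "# Disabling unused features" block, and the new `DisableForwarding yes` does not clearly replace it: sshd_config(5) lists X11, ssh-agent, TCP and StreamLocal forwarding under DisableForwarding, while tun(4) device forwarding is controlled separately by PermitTunnel. The rendered page has lost its +/- markers, so which lines are removed is inferred from their appearing only once. PermitTunnel defaults to `no`, so nothing is exposed today, but a hardening file is easier to audit when it says so; I would keep `PermitTunnel no` directly under `DisableForwarding yes` with a comment such as `# Not covered by DisableForwarding; set explicitly instead of relying on the default`. DisableForwarding is also a newer keyword than the four options it stands in for, so validating the file with `sshd -t` before reloading on older targets would catch an unsupported-option failure before it locks out remote access.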